Hi
I was just trying to pledge(2) spamd(8), nevertheless came across 2
priviliges kern_pledge.c is missing for this to work.
First spamd(8) needs to read sysctl kern.maxfiles in order to see if it
can launch with that value or not, and second if the multicast options
are passed
> I was just trying to pledge(2) spamd(8), nevertheless came across 2
> priviliges kern_pledge.c is missing for this to work.
>
> First spamd(8) needs to read sysctl kern.maxfiles in order to see if it
> can launch with that value or not, and second if the multicast option
On 2015-10-28 17:47, Theo de Raadt wrote:
>> I was just trying to pledge(2) spamd(8), nevertheless came across 2
>> priviliges kern_pledge.c is missing for this to work.
>>
>> First spamd(8) needs to read sysctl kern.maxfiles in order to see if it
>> can launch with
> Also, I wonder what the point of having a sanity check against
> kern.maxfiles at all is, especially with the arbitrary-feeling
> additional rule of "maxcon may not exceed kern.maxfiles - 200". It feels
> redundant to me, and it sort of makes a promise of protection it can't
> uphold.
That code