tame(1), like nice(1) but for permissions

2015-07-20 Thread Jeremy Evans
I'm not sure if this makes sense, since tame(2) was designed to operate on processes after they have already been initialized, and this would set the allowed operations before initializing the process. It's a fairly simple change to get the basics working as shown here, but it's currently not

Re: tame(1), like nice(1) but for permissions

2015-07-20 Thread Nicholas Marriott
Hi, I'm not sure I can think of many uses for this, tame is not something you are intended to just apply blindly, do you have any use cases? I think the -aCcdghIiRSptuw approach is a bad idea and it would be better to do it with named flags like -o abort,cmsg,cpath. Maybe take a look at

Re: tame(1), like nice(1) but for permissions

2015-07-20 Thread Marc Espie
On Mon, Jul 20, 2015 at 10:41:08AM -0600, Theo de Raadt wrote: On Mon, Jul 20, 2015 at 12:04:43PM -0400, Ted Unangst wrote: chroot is probably the best comparison. yes, we provide a chroot(1), but There is no chroot(1). :p practically nothing uses it. everything is instead calling

Re: tame(1), like nice(1) but for permissions

2015-07-20 Thread Jeremy Evans
On 07/20 09:36, Nicholas Marriott wrote: Hi, I'm not sure I can think of many uses for this, tame is not something you are intended to just apply blindly, do you have any use cases? Well, there is the example in the man page. :) But no, currently it's not very useful, as more complex programs

Re: tame(1), like nice(1) but for permissions

2015-07-20 Thread Theo de Raadt
Sorry, should have made things clearer. I just meant that chroot was a bad comparison. I can't see any sane use of a tame(1) at the moment. No, no no, Ted's comments are completely valid. You cannot replace the narrow chroot calls in the privsep daemons with chroot(8) run externally. Any

Re: tame(1), like nice(1) but for permissions

2015-07-20 Thread Ted Unangst
Jeremy Evans wrote: If this is worthy of more work, the command line options can certainly be changed. I just used getopt(3) since it seemed like the easiest way to handle it. I talked with theo about this some. I'd say it's probably too early, and may lead us down a weird path, where tame

Re: tame(1), like nice(1) but for permissions

2015-07-20 Thread Theo de Raadt
On Mon, Jul 20, 2015 at 12:04:43PM -0400, Ted Unangst wrote: chroot is probably the best comparison. yes, we provide a chroot(1), but There is no chroot(1). :p practically nothing uses it. everything is instead calling chroot(2) on its own. the things that do use chroot(1) are doing so

Re: tame(1), like nice(1) but for permissions

2015-07-20 Thread Marc Espie
On Mon, Jul 20, 2015 at 12:04:43PM -0400, Ted Unangst wrote: chroot is probably the best comparison. yes, we provide a chroot(1), but There is no chroot(1). :p practically nothing uses it. everything is instead calling chroot(2) on its own. the things that do use chroot(1) are doing so for