On Thu, Feb 11, 2021 at 11:29:58AM +0100, Alexander Bluhm wrote:
> - recommit in /usr/src/usr.sbin -> we lose history
I know no one cares about git, but if the move was committed in a
"single cvs commit", git would understand it's simply a move of files.
So yeah, cvs wouldn't cope, but git
On Wed, Feb 10, 2021 at 04:16:10PM -0700, Theo de Raadt wrote:
> When I re-ordered rc in Slovenia many years ago, I got it right.
NFS /usr over IPsec cannot work. Without IPsec it is fine.
1. mount -s /usr >/dev/null 2>&1
2. start_daemon syslogd ldattach pflogd nsd unbound ntpd
3. start_daemon
Oh wait I misread.
When I re-ordered rc in Slovenia many years ago, I got it right.
So, I think we should move these two daemons.
Addendum: shared library linking increases the .so footprint, and
cross-.so ROP attacks are a tiny bit more difficult in OpenBSD.
Alexander Bluhm wrote:
> Hi,
>
> Every time we ship a libcrypto erratum, we have to relink isakmpd.
> I think that isakmpd and iked are in /sbin due to a historic mistake.
> Probably it is for people who mount /usr via NFS over IPsec.
That was the reason originally. Today I am not sure it
On Wed, Feb 10, 2021 at 06:33:49PM +0100, Alexander Bluhm wrote:
> Hi,
>
> Every time we ship a libcrypto erratum, we have to relink isakmpd.
> I think that isakmpd and iked are in /sbin due to a historic mistake.
> Probably it is for people who mount /usr via NFS over IPsec.
>
> Moving isakmpd