Hi

On Thu, Jun 04, 2015 at 03:39:45PM -0600, Theo de Raadt wrote:
> > Is it just to avoid adding sendmsg to the ports systrace policy? Why not
> > add it - maybe not globally but just for file?
> 
> sendmsg with a CMSG fd passing in/out of such a jail is a bad thing.

The systrace policy already allows recvmsg(). So we can get new fds in,
why not send them out?

Any fd we have inside to send out will have had to have passed the
open(), bind() etc systrace rules already.

> 
> However.
> 
> It is likely that a ports configure test may try to test this interface.
> Not just CMSG, but sendmsg itself.
> 
> I suspect it needs to find that it works.
> 
> I doubt this is a system call that can be blocked.
> 
> It sounds like a great idea to limit the build environment substantially,
> but an eye must be kept on fallout from being too strict.  That's the
> problem with systrace; it is too easy to return an 'error' and a program
> will continue...
> 
