> > > > I really want to delete telnet entirely,
> > >
> > > I often use it for testing unencrypted SMTP and HTTP across the
> > > Internet. Which tool would you recommend for that purpose?
> >
> > nc(1).
>
> I use telnet fairly often for connecting to things like crappy switches,
> crappy routers, APs of varying crappiness, etc. nc -t isn't close to being
> good enough for this, also with nc it's difficult to send things like ^C
> (even worse, if you use it much you forget about this and end up killing
> your connection). I wouldn't mind having it removed from base, but would
> need to go in ports unless nc gets a lot of polishing.
This conversation is going far too meta.
I am not deleting telnet. That is why I am going through the effort
of shrinking it, and then pledging it.
pledge is even more relevant when dealing with bowls of unmaintained
spaghetti.
> > > You might wish to cross-check these three points though:
> > >
> > > * Does "inet" actually allow the following setsockopt()
> > > arguments: SO_DEBUG, SO_RTABLE, IP_TOS, IPV6_TCLASS?
> > > I know nothing about socket options.
> >
> > I think all of those should be deleted, except perhaps SO_RTABLE,
> > which should be done line in nc(1).
>
> TOS/TCLASS are somewhat important, nc and ssh in client mode also
> use them. IP_TOS is permitted by "inet". IPV6_TCLASS was missed but
> should be added, it's the IPv6 equivalent to IP_TOS.
>
> Index: kern_pledge.c
> ===================================================================
> RCS file: /cvs/src/sys/kern/kern_pledge.c,v
> retrieving revision 1.106
> diff -u -p -r1.106 kern_pledge.c
> --- kern_pledge.c 10 Nov 2015 04:30:59 -0000 1.106
> +++ kern_pledge.c 13 Nov 2015 17:11:20 -0000
> @@ -1275,6 +1275,7 @@ pledge_sockopt(struct proc *p, int set,
> break;
> case IPPROTO_IPV6:
> switch (optname) {
> + case IPV6_TCLASS:
> case IPV6_UNICAST_HOPS:
> case IPV6_RECVHOPLIMIT:
> case IPV6_PORTRANGE:
Yes, I decided they should stay. Commited the same diff 1 minute ago
already.
