On Mon, 29 Feb 2016 09:48:32 -0700, Theo de Raadt wrote:

> PRIV_START / PRIV_END is not privsep by any means. It is the
> old cron-style "drop id, do action, regain id" model.

Most of the PRIV_START / PRIV_END should be removed. There are a few
instances where we need to drop setgid when opening files, however.
Removing those calls needs to be done very carefully.

 - todd
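
The "drop id, do action, regain id" model around a file open, as an added example that is not part of the original thread and is not OpenBSD code. The helper name open_with_real_gid and the /dev/null path are assumptions for illustration; only POSIX calls are used.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for setegid() */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/*
 * Hypothetical helper, not from the OpenBSD tree: open `path` with the
 * real gid as effective gid, then restore the previous effective gid.
 * Returns the descriptor, or -1 with errno set.
 */
int open_with_real_gid(const char *path, int flags)
{
    gid_t saved_egid = getegid();
    int fd, saved_errno;

    /* Drop. The setgid group stays in the saved gid, so this is reversible. */
    if (setegid(getgid()) == -1)
        return -1;

    fd = open(path, flags);
    saved_errno = errno;

    /* Regain. If this fails the process ids are in an unexpected state. */
    if (setegid(saved_egid) == -1 || getegid() != saved_egid)
        abort();

    errno = saved_errno;
    return fd;
}

int main(void)
{
    gid_t before = getegid();
    int fd = open_with_real_gid("/dev/null", O_RDONLY);

    if (fd == -1) {
        perror("open_with_real_gid");
        return 1;
    }
    close(fd);
    /* The effective gid is back: nothing was given up permanently. */
    printf("egid before=%ld after=%ld\n", (long)before, (long)getegid());
    return 0;
}
```

Because the process can switch back at any time, the drop only protects the single open() call; it does not confine the rest of the program.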
