Paraphrasing an excerpt of my commit on getent(1) to add unveil(2):

"After a discussion with millert@ regarding YP then deraadt@ chimed in referring
that when he wrote this code even though we can have YP mappings with several
of these dbs "it doesn't mean that things use it, or should, or will" so adding
unveil(2) here should not impact any YP environments."

I think we can let it go.

On 22:01 Fri 09 Nov     , Jonathan Matthew wrote:
> On Thu, Nov 08, 2018 at 08:05:13PM -0500, Bryan Steele wrote:
> > These libc functions are used to map hardware MAC addresses to hostnames
> > and vice versa. If it exists, /etc/ethers will typically contain a
> > number of lines like so:
> > 
> > 34:00:8a:56:10:20   superman
> > 
> > In addition to that, there is support for using a YP (nee Yellow Pee)
> > lookup service:
> > 
> > "If a '+' appears alone on a line in the file, then ether_hostton() will
> >  consult the ethers.byname YP map, and ether_ntohost() will consult the
> >  ethers.byaddr YP map."
> > 
> > This support currently interferes with my work to reduce the pledge(2)
> > in tcpdump(8), as the "inet" promise is required to perform these
> > lookups.
> > 
> > I've come up with a small diff to remove it, but it was suggested there
> > may be some interactions with ldap, and I'm not sure how important this
> > functionality may be to existing YP users (I am not one).
> 
> ypldap does not provide ethers.byname or ethers.byaddr maps, if that's the
> ldap interaction in question here.
> 
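
An added illustration, not code from this thread or from OpenBSD's libc: a small C scanner for ethers-format text that reports whether a lone '+' line is present, the condition under which the manual text quoted above sends the lookup to YP. The names `scan_ethers` and `valid_entry`, and ignoring trailing whitespace, are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

struct ethers_scan {
	int entries;	/* well-formed "MAC hostname" lines */
	int yp_marker;	/* 1 if a line holding only '+' was seen */
};

/* Accept "xx:xx:xx:xx:xx:xx hostname" with every octet <= 0xff. */
static int valid_entry(const char *line)
{
	unsigned int o[6];
	char host[256];
	int i;

	if (sscanf(line, "%x:%x:%x:%x:%x:%x %255s",
	    &o[0], &o[1], &o[2], &o[3], &o[4], &o[5], host) != 7)
		return 0;
	for (i = 0; i < 6; i++)
		if (o[i] > 0xff)
			return 0;
	return 1;
}

/* Walk the text line by line; count entries and note a lone '+'. */
struct ethers_scan scan_ethers(const char *text)
{
	struct ethers_scan r = { 0, 0 };
	char line[512];

	while (*text != '\0') {
		size_t len = strcspn(text, "\n");
		size_t n = len < sizeof(line) - 1 ? len : sizeof(line) - 1;

		memcpy(line, text, n);
		line[n] = '\0';
		text += len + (text[len] == '\n');
		while (n > 0 && strchr(" \t\r", line[n - 1]) != NULL)
			line[--n] = '\0';	/* assumption: trailing blanks ignored */
		if (strcmp(line, "+") == 0)
			r.yp_marker = 1;	/* lookups would consult the YP maps */
		else if (valid_entry(line))
			r.entries++;
	}
	return r;
}

int main(void)
{
	/* Constructed sample: the entry from the thread plus a YP marker. */
	struct ethers_scan r = scan_ethers("34:00:8a:56:10:20   superman\n+\n");
	printf("entries=%d yp_marker=%d\n", r.entries, r.yp_marker);
	return 0;
}
```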
