Thanks for the comments, some good things to think about. Out of interest, can anyone think of some good examples of daemons which call ctl commands, just wanting to review the patterns and approach, and what is the best, best practice examples today.
On Mon, 18 May 2020, 16:46 Theo de Raadt, <[email protected]> wrote: > Claudio Jeker <[email protected]> wrote: > > > Last note, please do not try to directly talk to the daemons always pass > > via the *ctl program. The API used between for example bgpd and bgpctl > > is not public and also not stable. It requires that both tools are in > > sync. > > There is an additional reason for doing this. Having to do fork+exec is > a form of privsep, especially if pledge/unveil are used carefully. >
