I have a program that I believe needs inet to talk to a database (libhiredis). I do pass file descriptors to it. I don't suppose making it run as a different user and limiting the pf config would really lock it down without losing functionality. Maybe I'm too paranoid.

On Sat, Apr 29, 2017 at 9:51 AM Reyk Floeter <r...@openbsd.org> wrote:
>
> > On 26.04.2017 at 13:38, Luke Small <lukensm...@gmail.com> wrote:
> >
> > Pledge will presumably have per process (including fork()ed process) **path
> > limitations on rpath rpath and wpath calls, why not limitations on inet and
> > unix?
>
> We usually want to isolate our network speakers from the local system -
> combining inet and rpath/wpath should be avoided.
>
> Use privsep and fd passing to open the socket in another process with the
> capability to do so.
>
> This is what we do in most daemons.
>
> Or open the socket before pledge for static configurations.
>
> Reyk
>
> >> On Wed, Apr 26, 2017 at 6:26 AM Janne Johansson <icepic...@gmail.com> wrote:
> >>
> >> 2017-04-26 13:19 GMT+02:00 Luke Small <lukensm...@gmail.com>:
> >>
> >>> I'm not saying to alter pledge necessarily, maybe make new system call
> >>> like pledge. There aren't any per-process pf rules that are applied.
> >>
> >>
> >> If your daemon has a specific user, you can make such rules in PF.
> >> The goal you stated can be reached already, why keep on suggesting new
> >> syscalls?
> >>
> >>
> >> --
> >> May the most significant bit of your life be positive.
> >>
> >