On 2021/03/16 18:18, Renaud Allard wrote:
>
>
> On 16/03/2021 17:46, Stuart Henderson wrote:
>
> > Exim has a big monolithic process design and lots of optional features
> > many of which pull in third party libraries which are complex themselves
> > (and *also* will have to deal with the same pledge restrictions which
> > again may vary in what functions they call depending on user config).
> >
> > Maybe it's fine for some limited use cases, but it feels that there's
> > way too much in-scope for this to be a success for the general use case.
> >
>
> In fact, I scanned the code looking for calls, so this should be ready for
> general use. I could have restricted it way more for my own use only.
> Though, I agree, this only protects from a very limited subset like route,
> settime, pf, audio, video.

Even if you scanned the relevant code (which includes openldap, mariadb client library, cyrus-sasl) people updating those in the future can't be expected to look at how the library code changes to figure out if it's going to have a bad effect on pledge in exim..

> So, here is a diff without pledge but with the SIOCGIFCONF call removed as
> this should really be tested.

That looks like a sensible change, happy to commit that if it works ok (I don't run exim).
