On Sat, Dec 16 2017, Giovanni Bechis <giova...@paclan.it> wrote: > On 12/15/17 17:51, Jeremie Courreges-Anglas wrote: >> On Wed, Nov 22 2017, Giovanni Bechis <giova...@paclan.it> wrote: >>> Hi, >>> update to latest release, some bug fixes and pledge(2) support >>> committed upstream. >> >> I don't use this but the update looks fine ports-wise. ok jca@ fwiw >> >>> Pledge(2) support is enabled only if the daemon is not run with "-o >>> no_drop_privileges" parameter; >>> do we want to go the way upstream goes or should we disable the possibility >>> to disable pledge(2) ? >> >> I would not bother disabling this, but if you do make it obvious that >> -o no_drop_privileges won't work. If people use the option as >> a workaround and slack off instead of reporting bugs, they're the ones >> not benefiting from pledge(2), which is not a smart thing to do. >> > what about this one ?
I have a knee-jerk reaction whenever I see #ifdef SOME_OS, I would have implemented this as a configure-time option which would be usable on other systems that provide sandboxing. Words are cheap and I don't care enough to write a diff, so please go ahead with whatever suits you. ;) -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
