Re: security/sshlockout: use DIOCADDADDRS and remove "proc exec" from pledge.

2017-11-15 Thread sunil
"Theo de Raadt" wrote:
> > On 2017/11/14 18:31, Jeremie Courreges-Anglas wrote:
> > > On Sun, Nov 12 2017, sunil+po...@nimmagadda.net wrote:
> > > > Hi,
> > >
> > > Hi Sunil,
> > >
> > > > This diff replaces a system(3) call to insert an address into a pf
> > > > table with

Re: security/sshlockout: use DIOCADDADDRS and remove "proc exec" from pledge.

2017-11-14 Thread Theo de Raadt
> On 2017/11/14 18:31, Jeremie Courreges-Anglas wrote:
> > On Sun, Nov 12 2017, sunil+po...@nimmagadda.net wrote:
> > > Hi,
> >
> > Hi Sunil,
> >
> > > This diff replaces a system(3) call to insert an address into a pf
> > > table with ioctl(DIOCADDADDRS) which allows removal of "proc exec"
> >

Re: security/sshlockout: use DIOCADDADDRS and remove "proc exec" from pledge.

2017-11-14 Thread Stuart Henderson
On 2017/11/14 18:31, Jeremie Courreges-Anglas wrote:
> On Sun, Nov 12 2017, sunil+po...@nimmagadda.net wrote:
> > Hi,
>
> Hi Sunil,
>
> > This diff replaces a system(3) call to insert an address into a pf
> > table with ioctl(DIOCADDADDRS) which allows removal of "proc exec"
> > from the pledge

Re: security/sshlockout: use DIOCADDADDRS and remove "proc exec" from pledge.

2017-11-14 Thread Jeremie Courreges-Anglas
On Sun, Nov 12 2017, sunil+po...@nimmagadda.net wrote:
> Hi,

Hi Sunil,

> This diff replaces a system(3) call to insert an address into a pf
> table with ioctl(DIOCADDADDRS) which allows removal of "proc exec"
> from the pledge promises.

Interesting. So DIOCRADDADDRS isn't restricted by

security/sshlockout: use DIOCADDADDRS and remove "proc exec" from pledge.

2017-11-12 Thread sunil+ports
Hi,

This diff replaces a system(3) call to insert an address into a pf
table with ioctl(DIOCADDADDRS) which allows removal of "proc exec"
from the pledge promises. Updated patch-sshlockout.c follows.

Please share suggestions/feedback.

Index: sshlockout.c --- sshlockout.c.orig +++ sshlockout.c