On Thu, Sep 14, 2017 at 01:40:31AM -0400, Bryan Steele wrote:
> On Wed, Sep 13, 2017 at 09:53:09PM -0400, Bryan Steele wrote:
> > On Wed, Sep 13, 2017 at 08:58:28PM -0400, Bryan Steele wrote:
> > >
> > > 'rpath dns' for DNS lookups
> > >
> >
> > To clarify, "rpath" is not needed for DNS lookups,
On Wed, Sep 13, 2017 at 09:53:09PM -0400, Bryan Steele wrote:
> On Wed, Sep 13, 2017 at 08:58:28PM -0400, Bryan Steele wrote:
> >
> > 'rpath dns' for DNS lookups
> >
>
> To clarify, "rpath" is not needed for DNS lookups, but currently for
> other address to name translations, i.e:
On Wed, Sep 13, 2017 at 08:58:28PM -0400, Bryan Steele wrote:
>
> 'rpath dns' for DNS lookups
>
To clarify, "rpath" is not needed for DNS lookups, but currently for
other address to name translations, i.e: getrpcbynumer(3) and
ether_ntohost(3).
OpenBSD's tcpdump(8) is separated into two processes: The packet parser
that will chroot(2) if possible, drop to an unprivileged user, and then
pledge(2) itself tightly as "stdio" before entering its main loop.
And the priviledged "monitor" process, which opens and fdpasses bpf(4)
and any