CVSROOT: /cvs
Module name: src
Changes by: mart...@cvs.openbsd.org 2022/09/01 08:34:17
Modified files:
usr.sbin/snmpd : application.h application_agentx.c mib.c
snmpd.c snmpd.h snmpe.c
Log message:
Add privilege separation to snmpd.
This uses the just imported snmpd_metrics as a new (agentx-based) backend.
Snmpd(8) executes all files in /usr/libexec/snmpd and treats regions
registered by these binaries as authorative, so that no other agentx
backends can overwrite them. The snmpe process is now pledged
"stdio recvfd inet unix".
This removes quite a few entries from the sysORTable, but the current
entries are non-compliant anyway and should be completely revisisted at a
later time.
Reduces the time for a full walk by about a factor of 4, bringing us close
to the original speed before application.c was introduced.
General design discussed with claudio@
Tested by and OK sthen
Release build test and OK tb@
