CVSROOT: /cvs Module name: src Changes by: mart...@cvs.openbsd.org 2022/09/01 08:34:17
Modified files: usr.sbin/snmpd : application.h application_agentx.c mib.c snmpd.c snmpd.h snmpe.c Log message: Add privilege separation to snmpd. This uses the just imported snmpd_metrics as a new (agentx-based) backend. Snmpd(8) executes all files in /usr/libexec/snmpd and treats regions registered by these binaries as authorative, so that no other agentx backends can overwrite them. The snmpe process is now pledged "stdio recvfd inet unix". This removes quite a few entries from the sysORTable, but the current entries are non-compliant anyway and should be completely revisisted at a later time. Reduces the time for a full walk by about a factor of 4, bringing us close to the original speed before application.c was introduced. General design discussed with claudio@ Tested by and OK sthen Release build test and OK tb@