CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/06/03 23:43:00
Modified files:
usr.sbin/smtpd : Makefile smtpd.c
usr.sbin/smtpd/smtpd: Makefile
Added files:
usr.sbin/smtpd/smtpd: Makefile.inc Makefile.inc.orig
Makefile.orig
usr.sbin/smtpd/smtpd-ca: Makefile
usr.sbin/smtpd/smtpd-control: Makefile
usr.sbin/smtpd/smtpd-dispatcher: Makefile
usr.sbin/smtpd/smtpd-lka: Makefile
usr.sbin/smtpd/smtpd-queue: Makefile
usr.sbin/smtpd/smtpd-scheduler: Makefile
Log message:
smtpd was already fork+exec privsep, and starts 6 copies which are
the same binary.
I first decided to random-relink smtpd because of some recent close
calls (in the IPC codepaths, which could have played part in lateral
movement following a primary hole). Then it dawned on me that I can
random relink each of the privsep binaries to be unique, in the same
style as sshd.
Each binary now contains a lot of code it does not need (and is not
reached, but the code remains). That can be refactored as a later
step.
The new /etc/rc relink code will automatically pick these up.
vague approval martijn, gilles, millert