Subject: Re: [ISC-Bugs #35184] isc-dhcpd sandboxing patch
Date: Tue, 25 Feb 2014 23:21:20 -0800
From: Loganaden Velvindron
To: Shawn Routhier via RT
Message-ID: <20140226072120.GA18722@mx.elandsys.com>

On Wed, Feb 26, 2014 at 04:28:43AM +0000, Shawn Routhier via RT wrote:
> On Mon Feb 24 12:51:27 2014, logan@elandsys.com wrote:
> >
> > I saw that DHCP 4.3.0 was released. I would like to know if there is
> > interest in the sandboxing patch for the next release of ISC-dhcpd.
> >
> > I've made further improvements to it.
> >
>
> We are interested in it, but I have been allowing the Bind9 team to work on and
> review the version of it you did for Bind9. After they complete their effort we
> shall evaluate it and probably include something similar in DHCP. I would like
> the two of them to use a similar style to allow for slightly easier updating in
> the future.

Hi Shawn,

I've updated the diff to shape it closer to what Evan did.

>
> I do have some concerns about how difficult it will be to keep the code up to
> date, but believe if the patch is written to require the admin to enable it at
> configuration or run time it should be acceptable.
>

I have the same concerns, and that's why we've been talking to the bind team
about a mailing list for contributors to test the sandbox when each release
is close. Since we use dhcpd and bind in production environments, we're happy
to push any changes upstream, and report issues, as we run with seccomp
enabled on Linux servers.

Kind regards,
//Logan