MIME-Version: 1.0
X-Authentication-Warning: mx.elandsys.com: logan set sender to logan@elandsys.com using -f
In-Reply-To: <rt-3.8.6-32680-1393388923-1149.35184-5-0@isc.org>
X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=ham autolearn_force=no version=3.4.0
Content-Disposition: inline
References: <RT-Ticket-35184@isc.org> <20140111071407.GA5742@mx.elandsys.com> <rt-3.8.6-32481-1390500434-492.35184-5-0@isc.org> <20140224125110.GA8537@mx.elandsys.com> <rt-3.8.6-58876-1393246287-176.35184-5-0@isc.org> <rt-3.8.6-32680-1393388923-1149.35184-5-0@isc.org>
Message-ID: <20140515180550.GB2422@mx.elandsys.com>
Content-Type: text/plain; charset="utf-8"
X-RT-Original-Encoding: utf-8
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) by bugs.isc.org (Postfix) with ESMTP id A625C2D20571 for <dhcp-bugs@bugs.isc.org>; Thu, 15 May 2014 18:05:52 +0000 (UTC)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by mx.pao1.isc.org (Postfix) with ESMTP id 2CB1E3493E9 for <dhcp-bugs@isc.org>; Thu, 15 May 2014 18:05:51 +0000 (UTC) (envelope-from logan@elandsys.com)
Received: from mx.elandsys.com (IDENT:logan@localhost [127.0.0.1]) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id s4FI5o8f013240 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <dhcp-bugs@isc.org>; Thu, 15 May 2014 11:05:51 -0700 (PDT)
Received: (from logan@localhost) by mx.elandsys.com (8.14.5/8.14.5/Submit) id s4FI5oxx006437 for dhcp-bugs@isc.org; Thu, 15 May 2014 11:05:50 -0700 (PDT)
Delivered-To: dhcp-bugs@bugs.isc.org
Subject: Re: [ISC-Bugs #35184] isc-dhcpd sandboxing patch
User-Agent: Mutt/1.5.21 (2010-09-15)
Return-Path: <logan@elandsys.com>
Dkim-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1400177151; bh=XR5oxm4iswEaRuztCr4neIzdWvfuND1vD6aEtTZ1Mrg=; h=Date:From:To:Subject:References:In-Reply-To; b=cgC6hlhZypDhWVbEZsI/4Bp8EYTkuE654ntupWmTZA4Z3M0BCWDX4lIqmiN7FMUmg 5KQNx4YLx3E8r+6KFBcUJVOMW0ioEjPSTXbWCJD3UvQhL4bRRq8fh/uEs/NZ6VuX3T +DXp1fWHz1nvQ7S/P6i4PKsMN8Fc1NycBWi9d8a4=
Dkim-Signature: v=1; a=rsa-sha256; c=simple/simple; d=elandsys.com; s=mail; t=1400177151; i=@elandsys.com; bh=XR5oxm4iswEaRuztCr4neIzdWvfuND1vD6aEtTZ1Mrg=; h=Date:From:To:Subject:References:In-Reply-To; b=PdsMu63ARNDnNHCnsyUzj+8HYuoMUxUL6Bg9rKXh5Xq7cyPxXV2wUHM02KhvAr8JP ul5OiOleJr77MamTqAICT5Gau//+/0nEzCAvzz6clMxnM0kmZddU7/rBUnvF2CldcH Bth+ixQ0wsXL7ikA8hKSLjUNbFofGqYZAyyILCIo=
X-Original-To: dhcp-bugs@bugs.isc.org
Date: Thu, 15 May 2014 11:05:50 -0700
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mx.pao1.isc.org
To: Shawn Routhier via RT <dhcp-bugs@isc.org>
From: Loganaden Velvindron <logan@elandsys.com>
RT-Message-ID: <rt-3.8.6-35151-1400177153-1923.35184-0-0@isc.org>
Content-Length: 1174

On Wed, Feb 26, 2014 at 04:28:43AM +0000, Shawn Routhier via RT wrote:
> On Mon Feb 24 12:51:27 2014, logan@elandsys.com wrote:
> 
> >
> > I saw that DHCP 4.3.0 was released. I would like to know if there is
> > interest in the sandboxing patch for the next release of ISC-dhcpd.
> >
> > I've made further improvements to it.
> >
> 
> We are interested in it, but I have been allowing the Bind9 team to work on and
> review the version of it you did for Bind9. After they complete their effort we
> shall evaluate it and probably include something similar in DHCP. I would like
> the two of them to use a similar style to allow for slightly easier updating in
> the future.

Hi Shawn,

I've put the finishing touches to the bind-seccomp patch. Evan is going
to review it.


> 
> I do have some concerns about how difficult it will be to keep the code up to
> date, but believe if the patch is written to require the admin to enable it at
> configuration or run time it should be acceptable.
> 

I've modified the configure.in code in bind to have better suppor
for detection of seccomp.

Would you be interested in a similar addition for the dhcpd-seccomp 
sandbox patch ?