MIME-Version: 1.0
X-Authentication-Warning: mx.elandsys.com: logan set sender to logan@elandsys.com using -f
In-Reply-To: <rt-3.8.6-32680-1393388923-1149.35184-5-0@isc.org>
X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=ham autolearn_force=no version=3.4.0
Content-Disposition: inline
References: <RT-Ticket-35184@isc.org> <20140111071407.GA5742@mx.elandsys.com> <rt-3.8.6-32481-1390500434-492.35184-5-0@isc.org> <20140224125110.GA8537@mx.elandsys.com> <rt-3.8.6-58876-1393246287-176.35184-5-0@isc.org> <rt-3.8.6-32680-1393388923-1149.35184-5-0@isc.org>
Message-ID: <20140519143805.GB22064@mx.elandsys.com>
Content-Type: text/plain; charset="utf-8"
X-RT-Original-Encoding: utf-8
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.64.53]) by bugs.isc.org (Postfix) with ESMTP id A5F562D20051 for <dhcp-bugs@bugs.isc.org>; Mon, 19 May 2014 14:38:11 +0000 (UTC)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by mx.pao1.isc.org (Postfix) with ESMTP id 7C4FE3493AE for <dhcp-bugs@isc.org>; Mon, 19 May 2014 14:38:07 +0000 (UTC) (envelope-from logan@elandsys.com)
Received: from mx.elandsys.com (IDENT:logan@localhost [127.0.0.1]) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id s4JEc58O016497 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <dhcp-bugs@isc.org>; Mon, 19 May 2014 07:38:06 -0700 (PDT)
Received: (from logan@localhost) by mx.elandsys.com (8.14.5/8.14.5/Submit) id s4JEc5ZE000380 for dhcp-bugs@isc.org; Mon, 19 May 2014 07:38:05 -0700 (PDT)
Delivered-To: dhcp-bugs@bugs.isc.org
Subject: Re: [ISC-Bugs #35184] isc-dhcpd sandboxing patch
User-Agent: Mutt/1.5.21 (2010-09-15)
Return-Path: <logan@elandsys.com>
Dkim-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1400510286; bh=4YN8YlCWx/wj+Np69QzYYM5pEJ2lk8bRxL0Bn/MQTec=; h=Date:From:To:Subject:References:In-Reply-To; b=njBwHtnQF4f8XTbadehQg7aXAiEs1JRgg+0PGeY1umbkAvLaAWM57QbWTOHMaTMt9 ZbPIsKLPq9ubariL83Cqd8C4g400gvhZ7KQfmOl63MqPqTuTNl4wMVeURkeJy7cCJK tTrfgV0SqReu0nrvkgv1iIbgkPhCDP5/BY0GO40c=
Dkim-Signature: v=1; a=rsa-sha256; c=simple/simple; d=elandsys.com; s=mail; t=1400510286; i=@elandsys.com; bh=4YN8YlCWx/wj+Np69QzYYM5pEJ2lk8bRxL0Bn/MQTec=; h=Date:From:To:Subject:References:In-Reply-To; b=I02Y0grP/19jWWX0IGPht51NFy6AeX1zWxfOfI5Ka69oXDHdOBZHjC7dFH3UYO6nw e+HgaFkJMnSMpIk02DifijbYZu71EoGufbrWqDShr8yyVa87SWOMotJAgmBAhJqivg R0eWIF1og1boXop/hKf5/KM70sjp0C8Qtg4sKyr0=
X-Original-To: dhcp-bugs@bugs.isc.org
Date: Mon, 19 May 2014 07:38:05 -0700
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mx.pao1.isc.org
To: Shawn Routhier via RT <dhcp-bugs@isc.org>
From: Loganaden Velvindron <logan@elandsys.com>
RT-Message-ID: <rt-3.8.6-35146-1400510292-1479.35184-0-0@isc.org>
Content-Length: 1016

On Wed, Feb 26, 2014 at 04:28:43AM +0000, Shawn Routhier via RT wrote:
> On Mon Feb 24 12:51:27 2014, logan@elandsys.com wrote:
> 
> >
> > I saw that DHCP 4.3.0 was released. I would like to know if there is
> > interest in the sandboxing patch for the next release of ISC-dhcpd.
> >
> > I've made further improvements to it.
> >
> 
> We are interested in it, but I have been allowing the Bind9 team to work on and
> review the version of it you did for Bind9. After they complete their effort we
> shall evaluate it and probably include something similar in DHCP. I would like
> the two of them to use a similar style to allow for slightly easier updating in
> the future.
> 

Hi Shawn, 

I made further improvements to the isc-dhcpd seccomp diff and
Evan committed support for seccomp in BIND.


> I do have some concerns about how difficult it will be to keep the code up to
> date, but believe if the patch is written to require the admin to enable it at
> configuration or run time it should be acceptable.
>