e...@thyrsus.com said: >> I think you have jumped to an unreasonable conclusion by assuming that Go >> makes seccomp unintestering. Are you going to rewrite OpenSSL in Go? > No. There's an opennsl binding: ...
That's the whole point of my comment. OpenSSL is written in c. If there is a typical buffer overrun bug in OpenSSL, seccomp would be as helpful for a Go version of ntpd as it is for the current version. If you want to claim your Go program has no buffer overruns, you can't call out to big complicated libraries written in c. You would have to rewrite them in Go. -------- Re early-droproot We should split enable-seccomp from drop root. Early drop root is good. Late enable-seccomp is good. -- These are my opinions. I hate spam. _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
