Deal, I'll redesign it, with imsg and privsep to do the inet functions. In the process it'll probably fix what I want from it.
Thanks! -peter On 10/23/17 19:25, Theo de Raadt wrote: > Basically, you want your program to be able to do everything. > > pledge isn't a wand you wave over software and then it is secure. The > subsets of POSIX which remain come with downsides which you MUST > consider. > > You aren't listening to what pledge is telling you -- that if you want > security, you should redesign it to operate in a privsep fashion.
