PRIV_START / PRIV_END is not privsep by any means. It is the
old cron-style "drop id, do action, regain id" model.
I don't think you understand what is being done here.
> I have a diff out there right now on these files but I noticed the
> following:
>
>
> /*
> * Scan the current directory and make a list of daemon files sorted by
> * creation time.
> * Return the number of entries and a pointer to the list.
> */
> int
> getq(struct queue ***namelist)
> {
> struct dirent *d;
> struct queue *q, **queue = NULL;
> size_t nitems = 0, arraysz;
> struct stat stbuf;
> DIR *dirp;
>
> PRIV_START;
> dirp = opendir(SD);
> PRIV_END;
>
>
> yet in ckqueue
>
> if (cgetstr(cap, "sd", &spooldir) >= 0) {
> dirp = opendir(spooldir);
> free(spooldir);
> } else
> dirp = opendir(_PATH_DEFSPOOL);
>
> there is no privsep for same action of opendir.
>
> This should also be added here, right?
>
> Chris
>
