
List:       fossil-dev
Subject:    Re: [fossil-dev] Adding pledge() calls to Fossil
From:       "Joseph R. Justice" <jayarejay () gmail ! com>
Date:       2018-01-21 6:04:43
Message-ID: CAC58tq8=ZY7KpnZVFot3a-8mCYXCabNZN5U4gTj95_vNVY5dDA () mail ! gmail ! com

On Mon, Jan 15, 2018 at 11:27 AM, Richard Hipp <drh@sqlite.org> wrote:

> I will accept check-ins to a branch that invoke the fossil_pledge(X,Y)
> utility function.  The fossil_pledge(X,Y) function is a macro that
> evaluates to a no-op except when compiled with -DFOSSIL_HAVE_PLEDGE.
> If the FOSSIL_HAVE_PLEDGE macro is defined, then a routine is called
> which invokes pledge() and errors out if there is a problem.
> 
> See check-in https://www.fossil-scm.org/fossil/info/7b81a9993b4c8192


One question: Given that previously in this discussion thread mention was
made of other mechanisms which provide similar capabilities for other
operating systems as pledge does for OpenBSD, e.g. seccomp for Linux and
capsicum for FreeBSD, would it make some sense to try to abstract this sort
of thing as much as is reasonable and possible to do such that one
FOSSIL_HAVE_(Something) macro will enable this sort of functionality for
any operating system which can provide this sort of capability, at least
which Fossil has been configured to make use of?  Instead of having to have
separate FOSSIL_HAVE_PLEDGE, FOSSIL_HAVE_SECCOMP, FOSSIL_HAVE_CAPSICUM, etc
macros and related code scattered throughout the code base?

I realize this is early days for all this stuff, and perfection is the
enemy of good enough, etc, but I just wanted to raise the point for
consideration before tons of work is done throughout the code base to
enable this for one operating system, only to find later that it needed to
be drastically reworked or torn out altogether to provide for enabling it
on a second or third operating system.

Thanks for your time.



Joseph
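
An added sketch of the single-entry-point idea raised in this message (not part of the original post and not Fossil code): call sites state what the process still needs in OS-neutral terms, and one function maps that to pledge() on OpenBSD or cap_enter() on FreeBSD. All `sbx_*`/`SBX_*` names are hypothetical, the flag-to-promise mapping is an assumption, and a seccomp backend is left out, so Linux takes the no-op path.

```c
#include <stdio.h>
#include <string.h>
#if defined(__OpenBSD__)
# include <unistd.h>         /* pledge() */
#elif defined(__FreeBSD__)
# include <sys/capsicum.h>   /* cap_enter() */
#endif
/* Hypothetical names, not Fossil's API: OS-neutral needs of the process. */
enum { SBX_STDIO = 1, SBX_READ = 2, SBX_WRITE = 4, SBX_NET = 8 };
/* Translate the neutral mask into a pledge(2) promise string (assumed mapping). */
int sbx_pledge_promises(unsigned need, char *out, size_t n){
  static const struct { unsigned bit; const char *promise; } map[] = {
    { SBX_STDIO, "stdio" },       { SBX_READ, "rpath" },
    { SBX_WRITE, "wpath cpath" }, { SBX_NET,  "inet dns" } };
  size_t i, used = 0;
  if( n==0 ) return -1;
  out[0] = 0;
  for(i=0; i<sizeof(map)/sizeof(map[0]); i++){
    size_t len = strlen(map[i].promise);
    if( !(need & map[i].bit) ) continue;
    if( used+len+2 > n ) return -1;   /* room for separator and NUL */
    if( used ) out[used++] = ' ';
    memcpy(out+used, map[i].promise, len+1);
    used += len;
  }
  return 0;
}
/* The one call every call site uses; returns 0 on success or when it is a no-op. */
int sbx_restrict(unsigned need){
#if defined(__OpenBSD__)
  char p[64];
  if( sbx_pledge_promises(need, p, sizeof p) ) return -1;
  return pledge(p, NULL);
#elif defined(__FreeBSD__)
  /* Capability mode cuts off global namespaces such as file paths, so this
  ** sketch enters it only when no new files or connections are needed. */
  if( need & (SBX_READ|SBX_WRITE|SBX_NET) ) return 0;
  return cap_enter();
#else
  (void)need;
  return 0;   /* no backend built in: same effect as the no-op macro */
#endif
}
int main(void){
  char p[64];
  sbx_pledge_promises(SBX_STDIO|SBX_READ, p, sizeof p);
  printf("promises: %s, rc=%d\n", p, sbx_restrict(SBX_STDIO|SBX_READ));
  return 0;
}
```

The FreeBSD branch shows why the abstraction is not free: pledge() narrows by syscall class while Capsicum is all-or-nothing on global namespaces, so the neutral mask has to be coarse enough for the least expressive backend.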

