Aug 29 2023
The change looks Okay to me but I wonder if we should separate the variable into two cached values, one for new and the other for !new.
Aug 28 2023
Aug 8 2023
Mar 26 2023
Mar 6 2023
Merged as https://reviews.freebsd.org/rGe4520c8bd1d3 .
Mar 4 2023
Are there any objections to continuing with the creation of the vendor/openssl-3.0 branch?
Mar 3 2023
Mar 2 2023
Part of what I would like to do based on informal discussions in IRC is to put OpenSSL 3 into its own subdirectory, make it into a private library (props goes to @dim for the idea!) and transition utilities in base over to OpenSSL 3, then work on the ports story with @brnrd .
Mar 1 2023
I assume your vendor/openssl-3.0 branch started from the current vendor/openssl?
Nov 30 2022
Sep 21 2022
Sep 8 2022
I can't see how this can be used maliciously, e.g. forcing some application outside of jail to send its SCM_RIGHTS to a jail. Even if such case exists for a certain application, that would be bug in that application, IMHO. The initial idea of SCM_RIGHTS was actually to grant rights intentionally, so there can be a valid case for a certain application that wants to grant rights to its peer in a jail.
Sep 1 2022
Jun 3 2022
Mar 29 2022
For example it is possible to share file descriptor tables, and one of the processes may not be encumbered by the jail.
I'm going to have to sleep on the approach. This is a known escape, but I don't know if the method used can fully plug it. For example it is possible to share file descriptor tables, and one of the processes may not be encumbered by the jail. As is it does solve it for processes which have no way to talk to each other apart from a partially shared fs though.
Mar 28 2022
Mar 16 2022
Mar 15 2022
Mar 14 2022
Feb 17 2022
I'll do the commit. Thanks to Greg for writing this and to everyone who helped to review it!
Feb 16 2022
Who is going to do the actual commit? I'm happy to do it if no-one else wants to? Whoever does it has csprng@ green-light.
Last nit can be done pre-commit or I can whack it post-commit; ok from lua perspective.
Is this ready to be committed? I'm happy to do it myself but markm said he was going to commit (prior to the latest round of changes) -- don't want to commit prematurely if you're still waiting for something.
Jan 29 2022
Jan 28 2022
Yep, I've had basically the exact same opinion as @delphij about the copyright. Let's go with Intel.
Jan 27 2022
Jan 26 2022
So seems like it's easier to just do it all in core.lua, which is where lots of config accesses are anyway.
Jan 17 2022
Jan 16 2022
err, I have not addressed the "isUEFIBoot" thing and the "This file needs a copyright / license at the top" thing…
Jan 15 2022
Thanks! Can you also MFC it to stable/13 after a week?
Jan 14 2022
Is this waiting for anything else before it gets committed?