On 03/11/2018 18:53, Christos Zoulas wrote:
If you want this new global option to default to off (which I strongly disagree with - sweeping issues under the carpet should not be a default option), then can we also have a man page update to describe this behaviour please.Well, it has to default to off, since we keep finding new programs we need to fix.
From what ships with NetBSD I think only bind we missed and now fixed?So that just leaves syslogd as the outlier which you have constantly complaied about. I know that other logging systems set the receive buffer to the biggest they can and supply options to set a runtime size - both options would surely help here.
I've not seen or heard about any other programs that need addressing, other than the various ATF test cases that have been added. Can you give examples please?
The new behavior is "new" and old programs are not designed with it in mind and since most OS's don't behave like this we can expect them to break (we just modified BIND)...
bind was excplicity designed to handle this prior to my change, however the bind design wasn't great and just closed the socket. recv returning ENOBUFS has been documented by POSIX many years before my change to NetBSD so it can be argued that not handling it gracefully is not standards compliant.
Using the same logic you put forward we should set security.pax.mprotect.enabled=0 because I have a list of programs that don't work with it and when trying to poke people to get it to work they said just disable that option.
Roy