Subject: Re: lpwrapper
To: None <>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-userlevel
Date: 03/20/2003 20:18:08

>> If the caller execs /usr/ucb/lpr (or whatever [...]), it's broken
>> (or [whatever]), and this is just one of multiple reasons why.
> Great (and I agree!), but "that's broken" doesn't change the fact
> that a lot of things [do it anyway].  And no, trusting $PATH doesn't
> necessarily work; wrapper scripts for big, GUI applications
> periodically choose (wrongly, but it happens) to stamp on it.  Why
> should NetBSD shoot its users in the foot when we've already got a
> great way to avoid it in emulating mailwrapper?

To make them get their feet out of the way!

Less analogically: for the same reason we don't support lots of other
forms of misbehaviour: to discourage it.  Those applications will never
be fixed until someone makes them broken not just de jure but de facto
as well.

No, I don't really expect NetBSD to agree with me on this point.  I
don't really expect even _you_ to agree with me on it.  But it _is_ the
answer to your question.

> I couldn't agree more with Bill Studenmund and Ben Harris about this:
> sendmail and lpd ARE special as far as daemons go.

> So I would say: It's practical to wrap lpd for the same reasons it's
> practical to wrap MTAs that are actively sendmail runalikes [].  It
> is NOT practical to wrap sshd, inetd, named, or any other daemons I
> can think of in a quick enumeration right now.

But why not ssh?  That's another program that's execed by user programs
to do things, in that respect just like sendmail or lpr.  (The answer,
of course, is that programs that exec it have had to expect it to be
anywhere from day one, unlike sendmail and lpr, and hence the
brokenness discussed above has not become entrenched in ssh's case.
But it does seem to me that the arguments for lpwrapper apply equally
well to ssh.)

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B