search for: dhclient_capsicum

...stuff, like reading, fchmod, etc. - Descriptor to pidfile has no rights, it is just being kept open. - STDIN descriptor has no rights. - STDOUT and STDERR descriptors are limited to write only. The patches are here. Every change has individual description: http://people.freebsd.org/~pjd/patches/dhclient_capsicum.patches I'd appreciate any review, especially security audit of the proposed changes. The new and most critical function is probably send_packet_priv(). -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org A...