===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/59.html,v
retrieving revision 1.41
retrieving revision 1.42
diff -c -r1.41 -r1.42
*** www/59.html 2016/02/24 21:57:33 1.41
--- www/59.html 2016/02/25 07:28:57 1.42
***************
*** 105,110 ****
--- 105,114 ----
453 out of 707 base system binaries adapted to use pledge.
14 ports adapted to use pledge (some decompression tools, mutt,
some pdf tools, chromium/iridium, and the i3 window manager).
+ pledge exposed several bugs that has been corrected, for example in bgpd(8), iked(8), ldapd(8), ntpd(8) or syslogd(8),
+ and several misguided "features" that has been removed, like support for HOSTALIASES from the resolver, support for "lookup yp" in /etc/resolv.conf, setuid-preserving code in binutils tools or ed-style diffs via proc/exec in patch(1).
+ pledge has require a somehow intensive audit of userland to properly annotate programs, resulting some design changes like in rdate(1), sndiod(8) or the introduction of SOCK_DNS socket(2) flag that makes SS_DNS tagged socket conceptually different from plain socket.
+ it also has been used to constraint programs in a more strict POSIX subset, like some binutils tools that handle untrusted data (strings(1), objdump(1), ...), or the RSA-privsep process in smtpd(1).