Apple checks EUID==0 on ioctl(/dev/pf), whereas OpenBSD and FreeBSD only
check permissions on open(/dev/pf). This means that on OS X, it is not
possible to open /dev/pf, drop privileges, and send an ioctl to the file
descriptor opened earlier with EUID==0. It also means Apple broke the
Unix way of dealing with device nodes - why are there file permissions
on /dev/pf when they later enforce EUID==0 on use, thereby breaking
basic Unix mechanisms? Work around this by disallowing -u with pf
proxyspecs and by not automatically dropping to nobody on Mac OS X.
Issue: #65
Reported by: Vladimir Marteev
Fork into a monitor parent process and an actual proxy child process,
communicating over AF_UNIX sockets. Certain privileged operations are
performed through the privileged parent process, like opening log files
or listener sockets, while all other operations happen in the child
process, which can now drop its privileges without side-effects for
log file opening and other privileged operations. This is also a
preparation for -l/-L logfile reopening through SIGUSR1.
This means that -S and -F are no longer relative to chroot() if used
with -j. This is a deliberate POLA violation.
Add -r to force a specific SSL/TLS protocol version.
Add -R to disable one or several SSL/TLS protocol versions.
Replace WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER to WITH_SSLV2.
Issue: #30
Reported by: @Apollo2342
Move from one set of headers per major OS X release to one set of
headers per XNU release. Fetch the header files from Apple's official
Open Source site instead of GitHub in the fetchdeps developer target.
As a side effect, 10.6.x is now supported as well (untested), and proper
headers are used for 10.10.
Issue: #39
Load the certificates from the directory given by -t into the
certificate cache after preinit, but before dropping privileges. This
fixes a number of issues, such as -t directory not being found after
chroot()ing to a different root, -t directory inaccessible due to
changing user with -u, and when using encrypted keys. This bug was
introduced in 0675219 as a spurious part of fixing #5.
Issue: #20, #19
Reported by: Miroslav Stampar
This fixes a regression which caused bind() to ports < 1024 to fail with
the default settings of dropping privileges to nobody.
Issue: #8
Reported by: Ian Grispan
