<arrowscript <at> mail.com> writes: > > Thanks. > Yes, it does core dump on "Abort trap". > Any idea on how I can force ftp(1) to socks5? The man page say nothing about proxy other than http or ftp, and I > have not set a transparent proxy yet... > > Good to know that pledge is doing his job. So far, no other problem with the transition between 5.8 to 5.9. > >
Confirmed, this is definitely the cause. In particular, here torsocks is trying to fetch the username using getpwuid() which is not permitted by most pledges. Torsocks works by overriding libc functions with its own versions using an LD_PRELOAD wrapper. This could be extended to "support" pledge by overriding pledge() as well - either replace it with a dummy noop, or with something that modifies the pledge to add the functions it requires. Alternatively adjust the torsocks code to avoid doing the getpwuid() calls, at least if the alternative methods to provide the username have been used. There may be other calls which get killed by *some* pledges, but just avoiding the getpwuid does at least seem to get things working with ftp(1). ftp(1) doesn't support socks5 itself. Alternatively to avoid modifying torsocks and fix things for the use case you mention, you could use curl (which does support socks), with a wrapper script to let it be used from FETCH_CMD.