Re: lockspool getting killed by pledge on OpenBSD 6.7

On Mon, May 25, 2020 at 04:15:24PM -0600, Todd C. Miller wrote: > I thought we decided not to adjust the pledge when I brought it up > last time. Here's the diff I had in my tree to remove support for > world-writable spool dirs. It's definitely a good option and would simplify

Re: lockspool getting killed by pledge on OpenBSD 6.7

After changing permissions of /var/mail directory to 755: $ chmod 755 /var/mail everything is fine and seteuid(2) is not called: 92121 lockspool NAMI "/var/mail/root.lock" 92121 lockspool RET unlink 0 92121 lockspool CALL kbind(0x7f7c7f58,24,0xefbb72852ff02523) 92121 lockspool RET

lockspool getting killed by pledge on OpenBSD 6.7

Hi, I noticed that when I try to run /usr/libexec/lockspool directly as root I'm getting Abort trap on my machine: $ /usr/libexec/lockspool Abort trap $ echo $? 134 And in dmesg I can see plenty of pledge logs: lockspool[73511]: pledge "id", syscall 183 lockspool[94755]: pledge "id", syscall