On Mon, May 25, 2020 at 04:15:24PM -0600, Todd C. Miller wrote:
> I thought we decided not to adjust the pledge when I brought it up
> last time. Here's the diff I had in my tree to remove support for
> world-writable spool dirs.
It's definitely a good option and would simplify

After changing permissions of /var/mail directory to 755:

$ chmod 755 /var/mail

everything is fine and seteuid(2) is not called:

92121 lockspool NAMI "/var/mail/root.lock"
92121 lockspool RET unlink 0
92121 lockspool CALL kbind(0x7f7c7f58,24,0xefbb72852ff02523)
92121 lockspool RET

Hi,

I noticed that when I try to run /usr/libexec/lockspool directly as root
I'm getting Abort trap on my machine:

$ /usr/libexec/lockspool
Abort trap
$ echo $?
134

And in dmesg I can see plenty of pledge logs:

lockspool[73511]: pledge "id", syscall 183
lockspool[94755]: pledge "id", syscall