Re: lockspool getting killed by pledge on OpenBSD 6.7

2020-05-26 Thread Dawid Czeluśniak
On Mon, May 25, 2020 at 04:15:24PM -0600, Todd C. Miller wrote:
> I thought we decided not to adjust the pledge when I brought it up
> last time.  Here's the diff I had in my tree to remove support for
> world-writable spool dirs.

It's definitely a good option and would simplify the
/cvs/src/libexec/mail.local/locking.c
file significantly as well as give a clear warning to the user.



Re: lockspool getting killed by pledge on OpenBSD 6.7

2020-05-25 Thread Dawid Czeluśniak
After changing permissions of /var/mail directory to 755:

$ chmod 755 /var/mail

everything is fine and seteuid(2) is not called:
 92121 lockspool NAMI  "/var/mail/root.lock"
 92121 lockspool RET   unlink 0
 92121 lockspool CALL  kbind(0x7f7c7f58,24,0xefbb72852ff02523)
 92121 lockspool RET   kbind 0
 92121 lockspool CALL  exit(0)

Killing lockspool(1) by pledge(2) happens when permissions of /var/mail
are greater than 755. Maybe it would be useful to give the user an indication
that it is a permission issue instead of killing the process by pledge?

What do you think?



lockspool getting killed by pledge on OpenBSD 6.7

2020-05-25 Thread Dawid Czeluśniak
Hi,

I noticed that when I try to run /usr/libexec/lockspool directly as root
I'm getting Abort trap on my machine:

$ /usr/libexec/lockspool
Abort trap
$ echo $?
134

And in dmesg I can see plenty of pledge logs:
lockspool[73511]: pledge "id", syscall 183
lockspool[94755]: pledge "id", syscall 183
lockspool[38910]: pledge "id", syscall 183

1. Is this reproducible on your end?
2. Is "id" pledge request missing here?
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec/lockspool/lockspool.c?rev=1.21

Latest kdump:
   919 lockspool RET   stat 0
   919 lockspool CALL  kbind(0x7f7cb278,24,0xc70598ce16a08728)
   919 lockspool RET   kbind 0
   919 lockspool CALL  seteuid(0<"root">)
   919 lockspool PLDG  seteuid, "id", errno 1 Operation not permitted
   919 lockspool PSIG  SIGABRT SIG_DFL code <74513776>

Seems like seteuid(2) is called...

Dawid
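
Added example, not part of the thread or of OpenBSD's code: a small sh/awk filter that tallies pledge violations by program, missing promise and syscall from the two log formats quoted in the message above (dmesg and kdump). The function names `pledge_violations` and `sample_log` are hypothetical, and the sample lines are copied from that message.

```shell
#!/bin/sh
# Summarise pledge(2) violations from dmesg and kdump text on stdin.
# Output: "<count> <program> <missing promise> <syscall>", in first-seen order.
pledge_violations() {
    awk '
    # dmesg form:  prog[pid]: pledge "promise", syscall N
    $2 == "pledge" && $4 == "syscall" {
        prog = $1; sub(/\[[0-9]+\]:$/, "", prog)    # strip "[pid]:"
        promise = $3; gsub(/[",]/, "", promise)     # strip quotes and comma
        tally(prog " " promise " syscall#" $5)
        next
    }
    # kdump form:  pid prog PLDG syscall, "promise", errno N ...
    $3 == "PLDG" {
        sc = $4; sub(/,$/, "", sc)
        promise = $5; gsub(/[",]/, "", promise)
        tally($2 " " promise " " sc)
    }
    function tally(key) {
        if (!(key in n)) order[++k] = key           # remember first-seen order
        n[key]++
    }
    END { for (i = 1; i <= k; i++) print n[order[i]], order[i] }
    '
}

# Sample input: lines copied from the dmesg and kdump excerpts in the thread.
sample_log() {
    cat <<'EOF'
lockspool[73511]: pledge "id", syscall 183
lockspool[94755]: pledge "id", syscall 183
   919 lockspool CALL  seteuid(0<"root">)
   919 lockspool PLDG  seteuid, "id", errno 1 Operation not permitted
   919 lockspool PSIG  SIGABRT SIG_DFL code <74513776>
EOF
}

sample_log | pledge_violations
```

Feeding it `dmesg` output, or `kdump` output from a traced run, gives one line per distinct violation, which shows at a glance which promise a program lacked and how often it was hit.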