On Fri, May 14, 2021 at 07:29:48AM +0200, Matthias Pressfreund wrote:
> Interesting. How do I figure the correct order of keywords? So far I thought
> it didn't matter.
for the kernel, the order doesn't matter.
for people reviewing code, it matters.
> On 2021-05-13 18:40, Theo de Raadt
Interesting. How do I figure the correct order of keywords? So far I thought it
didn't matter.
On 2021-05-13 18:40, Theo de Raadt wrote:
> + if (pledge("stdio rpath inet recvfd sendfd "
> + "wpath cpath proc tty getpw", NULL) == -1)
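Review bot: the promise string on these two `+` lines has no comment saying why the forked post-login processes need `wpath cpath proc tty getpw` on top of `stdio rpath inet recvfd sendfd`. A short comment above the pledge() call naming what requires each of the broader promises would let a reviewer check whether any can be dropped later. Keeping the filesystem promises adjacent (`rpath wpath cpath`) rather than split across the two string literals would also make the set easier to audit at a glance.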
On Thu, May 13, 2021 at 10:40:40AM -0600, Theo de Raadt wrote:
> + if (pledge("stdio rpath inet recvfd sendfd "
> + "wpath cpath proc tty getpw", NULL) == -1)
>
> Please change the order:
>
> stdio rpath wpath cpath inet recvfd
Hi,
This is the first attempt to bring pledge into ftpd. The main ftpd
process can't use pledge for now because of possible chroot(2) calls.
But, the two forks after user login are pledged with this diff.
I tested it manually and with the ftpd's regression tests.
OK?
bye,
Jan
Index:
+ if (pledge("stdio rpath inet recvfd sendfd "
+ "wpath cpath proc tty getpw", NULL) == -1)
Please change the order:
stdio rpath wpath cpath inet recvfd sendfd proc tty getpw
(It remains extremely permissive).