Hi,
Ricardo Mestre wrote on Wed, Jul 31, 2019 at 07:41:08PM +0100:
> On 11:22 Wed 31 Jul , Theo de Raadt wrote:
>> Ingo Schwarze wrote:
>>> /*
>>> * When porting this program to a platform lacking pledge(2),
>>> * don't forget to at least properly chroot(2) the child instead.
As I already spoke with Theo this needs to be carefully looked at app by
app and not remove chroot just because, it needs to make sense first and
foremost.
This diff was also not one by random choice, spamd(8) was one of the
first programs I actually studied, pledge(2)d it and use daily and sent it
Ingo Schwarze wrote:
> /*
> * When porting this program to a platform lacking pledge(2),
> * don't forget to at least properly chroot(2) the child instead.
> */
I'm going to translate that to another plausible comment to put
throughout the source tree.
/* When
Hi,
Theo de Raadt wrote on Wed, Jul 31, 2019 at 09:48:57AM -0600:
> Ricardo Mestre wrote:
>> By now we are already confident that pledge(2) "just works(tm)"
>> and that it can be used to effectively remove filesystem access.
>>
>> That being said, in spamd(8) when I pledge(2)d it the main priv
Ricardo Mestre wrote:
> By now we are already confident that pledge(2) "just works(tm)" and that it can
> be used to effectively remove filesystem access.
>
> That being said, in spamd(8) when I pledge(2)d it the main priv process got
> "stdio inet" which means there's no fs access at all so
Hi,
By now we are already confident that pledge(2) "just works(tm)" and that it can
be used to effectively remove filesystem access.
That being said, in spamd(8) when I pledge(2)d it the main priv process got
"stdio inet" which means there's no fs access at all so calling
chroot(2)/chdir(2) here