Re: ftp(1): pledge smaller subset in SMALL version
j...@wxcvbn.org (Jérémie Courrèges-Anglas) writes: > Frederic Nowak writes: > >> Hi there, > > Hi, > >> at the moment ftp pledges "proc exec" in its SMALL version, but not >> otherwise. This seems wrong, because the SMALL version does not support >> interactive mode (which needs "proc exec" for e.g. the page command), >> while the !SMALL version does. >> The patch below switches the two pledges, so that the SMALL version >> pledges a smaller subset. > > I can confirm that it is possible to have ftp(1) killed by pledge in the > non-SMALL build. > > The diff looks correct and I doubt that there's a risk for it to > introduce further regressions. However there's a popen() call in > recvrequest() that could trigger pledge protection. If anyone wants to > make sense of that code, be my guest... Since no one stepped up to investigate this issue, I committed your diff as is. Thanks! -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: ftp(1): pledge smaller subset in SMALL version
Frederic Nowak writes: > Hi there, Hi, > at the moment ftp pledges "proc exec" in its SMALL version, but not > otherwise. This seems wrong, because the SMALL version does not support > interactive mode (which needs "proc exec" for e.g. the page command), > while the !SMALL version does. > The patch below switches the two pledges, so that the SMALL version > pledges a smaller subset. I can confirm that it is possible to have ftp(1) killed by pledge in the non-SMALL build. The diff looks correct and I doubt that there's a risk for it to introduce further regressions. However there's a popen() call in recvrequest() that could trigger pledge protection. If anyone wants to make sense of that code, be my guest... -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
ftp(1): pledge smaller subset in SMALL version
Hi there,
at the moment ftp pledges "proc exec" in its SMALL version, but not
otherwise. This seems wrong, because the SMALL version does not support
interactive mode (which needs "proc exec" for e.g. the page command),
while the !SMALL version does.
The patch below switches the two pledges, so that the SMALL version
pledges a smaller subset.
Cheers,
Frederic
Index: usr.bin/ftp/main.c
===
RCS file: /cvs/src/usr.bin/ftp/main.c,v
retrieving revision 1.104
diff -u -p -r1.104 main.c
--- usr.bin/ftp/main.c 18 Oct 2015 03:39:37 - 1.104
+++ usr.bin/ftp/main.c 2 Nov 2015 05:29:39 -
@@ -444,21 +444,21 @@ main(volatile int argc, char *argv[])
if (isurl(argv[0])) {
if (pipeout) {
#ifndef SMALL
- if (pledge("stdio rpath dns tty inet fattr",
+ if (pledge("stdio rpath dns tty inet proc exec
fattr",
NULL) == -1)
err(1, "pledge");
#else
- if (pledge("stdio rpath dns tty inet proc exec
fattr",
+ if (pledge("stdio rpath dns tty inet fattr",
NULL) == -1)
err(1, "pledge");
#endif
} else {
#ifndef SMALL
- if (pledge("stdio rpath wpath cpath dns tty
inet fattr",
+ if (pledge("stdio rpath wpath cpath dns tty
inet proc exec fattr",
NULL) == -1)
err(1, "pledge");
#else
- if (pledge("stdio rpath wpath cpath dns tty
inet proc exec fattr",
+ if (pledge("stdio rpath wpath cpath dns tty
inet fattr",
NULL) == -1)
err(1, "pledge");
#endif
