> I am however curious to this patch. By pledging ksh with exec it appears
> to me that once a pledged process is execve(2)d it looses it's already
> made pledges.
Yes, because that is what it needs.
> This to me seems like
> something that might be undesirable (find remote code
On 10/10/15 02:10, Theo de Raadt wrote:
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2015/10/09 18:10:08
Modified files:
bin/ksh: Makefile c_sh.c main.c
distrib/special/ksh: Makefile
Log message:
ksh can run with pledge "stdio rpath
On Sat, Oct 10, 2015 at 08:17:13AM +0200, Martijn van Duren wrote:
> I am however curious to this patch. By pledging ksh with exec it appears to
> me that once a pledged process is execve(2)d it looses it's already made
> pledges. (how else could applications spawned from the shell and still get
>