sure, it wasn't mine! it was just missing one unveil so it's ok mestre@
on this one
On 11:42 Sat 15 Jun , Theo de Raadt wrote:
> yeah that was my idea..
>
> Ricardo Mestre wrote:
>
> > Hi,
> >
> > Sorry to be late in the game, but as jca@ pointed out sysctl(8) tries to
> > open _PATH_DEVDB
Hi,
Sorry to be late in the game, but as jca@ pointed out sysctl(8) tries to
open _PATH_DEVDB first and then /dev if it cannot open the former, so
both should be unveil(2)ed. Scramble the includes while at it.
Index: sysctl.c
===
RCS
When userland was massaged for pledge(), I hesitated using the
"manually call tzset()" approach for handling things. It felt
too low-level to call tzset(), an API almost noone knows the
existance of.
Arriving in the same situation to satisfy unveil(). Again calling
tzset() feels too unfamiliar a
On Sat, Jun 08, 2019 at 01:42:04PM +0200, Florian Obser wrote:
> shrug, I was just passive aggressively reacting to some unhelpful
> asshattery.
To clarify: This was not aimed at mestre@.
On Sat, Jun 08 2019, Stuart Henderson wrote:
> On 2019/06/08 13:15, Jeremie Courreges-Anglas wrote:
>> Naive question: should sysctl(8) be pledged? I'm not objecting but
>> I wonder what we are trying to protect us from, here.
>
> AFAIK it can't be done because pledge always restricts which sysct
On 2019/06/08 13:15, Jeremie Courreges-Anglas wrote:
> Naive question: should sysctl(8) be pledged? I'm not objecting but
> I wonder what we are trying to protect us from, here.
AFAIK it can't be done because pledge always restricts which sysctl nodes
may be accessed.
On Sat, Jun 08, 2019 at 01:15:37PM +0200, Jeremie Courreges-Anglas wrote:
> On Sat, Jun 08 2019, Florian Obser wrote:
> > On Fri, Jun 07, 2019 at 11:24:30PM +0100, Ricardo Mestre wrote:
> >> i did that and for some for reason i didn't get it! it tries to open
> >> timezone so it kinda looks like a
On Sat, Jun 08 2019, Florian Obser wrote:
> On Fri, Jun 07, 2019 at 11:24:30PM +0100, Ricardo Mestre wrote:
>> i did that and for some for reason i didn't get it! it tries to open
>> timezone so it kinda looks like a red flag right there...
>>
>> apart from /dev do we need to look into TZ on this
On Fri, Jun 07, 2019 at 11:24:30PM +0100, Ricardo Mestre wrote:
> i did that and for some for reason i didn't get it! it tries to open
> timezone so it kinda looks like a red flag right there...
>
> apart from /dev do we need to look into TZ on this one as well? if TZ
> var needs to be looked at t
i did that and for some for reason i didn't get it! it tries to open
timezone so it kinda looks like a red flag right there...
apart from /dev do we need to look into TZ on this one as well? if TZ
var needs to be looked at then all bets are off :/
On 01:01 Sat 08 Jun , Consus wrote:
> On 18:1
On 18:14 Fri 07 Jun, Ricardo Mestre wrote:
> Hi,
>
> My eyes may be cheating me in plain sight, but sysctl(8) doesn't seem to
> require fs access at all.
>
> Comments? OK?
>
> Index: sysctl.c
> ===
> RCS file: /cvs/src/sbin/sysctl/s
Hi,
My eyes may be cheating me in plain sight, but sysctl(8) doesn't seem to
require fs access at all.
Comments? OK?
Index: sysctl.c
===
RCS file: /cvs/src/sbin/sysctl/sysctl.c,v
retrieving revision 1.242
diff -u -p -u -r1.242 sysct
12 matches
Mail list logo