Hi there,
at the moment ftp pledges "proc exec" in its SMALL version, but not
otherwise. This seems wrong, because the SMALL version does not support
interactive mode (which needs "proc exec" for e.g. the page command),
while the !SMALL version does.
The patch below switches the two pledges, so that the SMALL version
pledges a smaller subset.
Cheers,
Frederic
Index: usr.bin/ftp/main.c
===================================================================
RCS file: /cvs/src/usr.bin/ftp/main.c,v
retrieving revision 1.104
diff -u -p -r1.104 main.c
--- usr.bin/ftp/main.c 18 Oct 2015 03:39:37 -0000 1.104
+++ usr.bin/ftp/main.c 2 Nov 2015 05:29:39 -0000
@@ -444,21 +444,21 @@ main(volatile int argc, char *argv[])
if (isurl(argv[0])) {
if (pipeout) {
#ifndef SMALL
- if (pledge("stdio rpath dns tty inet fattr",
+ if (pledge("stdio rpath dns tty inet proc exec
fattr",
NULL) == -1)
err(1, "pledge");
#else
- if (pledge("stdio rpath dns tty inet proc exec
fattr",
+ if (pledge("stdio rpath dns tty inet fattr",
NULL) == -1)
err(1, "pledge");
#endif
} else {
#ifndef SMALL
- if (pledge("stdio rpath wpath cpath dns tty
inet fattr",
+ if (pledge("stdio rpath wpath cpath dns tty
inet proc exec fattr",
NULL) == -1)
err(1, "pledge");
#else
- if (pledge("stdio rpath wpath cpath dns tty
inet proc exec fattr",
+ if (pledge("stdio rpath wpath cpath dns tty
inet fattr",
NULL) == -1)
err(1, "pledge");
#endif
