Theo de Raadt <dera...@cvs.openbsd.org> writes:

>> Grmbl.  I've had a hard time trying to understand *why* this would be
>> needed.  The answer is pledge(2), which makes chmod(2) fail with EPERM
>> instead of killing the process.
>> 
>> I find this confusing.  IMO pledge(2) should let the kernel do the
>> appropriate security checks for chown(2).
>
> Cannot.  pledge handles *chown() at a realistic level.
>
> Otherwise, we'd need pledge checks in every function reachable
> by VOP_SETATTR.

I'm not sure I understand the reasons, but I'll trust you on that one.
Still I find this change in behavior confusing, and I hope it won't bite
us in the end.

I'd prefer cron not to change its gid for a weird reason, or maybe
change it only around the socket chmod call, with a comment explaining
why this is necessary.

Otherwise, millert's diff looks good, works fine and is a very desirable
improvement IMO.  ok jca@ but please consider the paragraph above.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE