[email protected] wrote:
> June 15, 2021 2:51 PM, "Theo de Raadt" <[email protected]> wrote:
> > "attacker"?
> Isn't the purpose of pledge() and unveil() to prevent a person with
> a code execution bug from damaging the system?
No, the purpose is to declare the bounds of what a program does.
So to answer your question precisely: No.
> > Seems to be working as intended. You are letting someone run all binaries.
> And I am not letting someone write to the filesystem. Yet, they can
> bypass that easily. `unveil("/", "rx")` gives a false illusion of
> security, which can even trip up OpenBSD maintainers (more below).
That statement has a precise meaning, so I disagree. The unveil manual
page does not contain the word "security" even once, so you are the one
jumping to conclusions.
To generate a specific effect, the tool has to be used correctly.
> > Or is it your expectation that all binaries should crash when they
> > cannot start ld.so or load libc?
> "/" is mounted for reads, why would a program crash while loading
> libc? You don't need write access to execute a program.
I guess you don't know how shared executables work.
> Also to be clear - I'm not throwing blame to the author of the commit
> here, it's not their fault. This behaviour isn't documented, so unless
> you have seen the exec() source, you wouldn't know about it.
The behaviour isn't documented, because the behaviour you want is
nonsensical. It simply does not work, because of shared libraries,
and other things that programs do upon initialization.
Rather than arguing with Claudio and me, why don't you TRY to change
the kernel to do so, and learn the consequences.
> June 15, 2021 2:13 PM, "Claudio Jeker" <[email protected]> wrote:
> > Why did you add "rx" for a read-only program?
> Why can't a read-only program execute other programs? I can think of a lot
> of use cases where that's useful.
I guess you don't know how shared executables work.
> > Initially the goal was to keep unveils on exec but it turned out that it
> > is not feasible.
> Out of curiosity, has there been any discussion on this? I tried
> looking around on the mailing list archives, but I haven't found
> anything regarding this.
Terribly sorry you didn't get what you aren't owed.
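Added example, not code from this thread or from OpenBSD: the practical takeaway of the exchange above is that a program meant to be "read-only" should not carry an 'x' rule in its unveil(2) view, because "rx" on "/" lets it start any binary, and (as Claudio states) the started program is not held to the caller's unveils. The program below applies a tight view with no 'x', then pledges "stdio rpath" so that execve(2) is also refused by pledge(2). The rule tables, the helper names (`policy_grants_exec`, `apply_policy`) and the use of /etc/hosts as the sample file are this example's own choices; on a non-OpenBSD host the unveil/pledge calls are compiled out so the file still builds, and only the policy check is meaningful there.

```c
/* Added example: a read-only program that confines itself with unveil(2)
 * and pledge(2) without granting exec. Helper names, rule tables and the
 * sample path are assumptions of this example, not OpenBSD code. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

struct unveil_rule {
    const char *path;   /* path to expose */
    const char *perms;  /* unveil(2) permission string built from r, w, x, c */
};

/* Returns 1 if any rule carries the 'x' permission, i.e. the view lets the
 * process execve(2) something. With "rx" on "/" every binary may be started,
 * and that child is not bound by this process's unveil rules. */
int policy_grants_exec(const struct unveil_rule *rules, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strchr(rules[i].perms, 'x') != NULL)
            return 1;
    return 0;
}

/* Applies the rules in order and locks the view with unveil(NULL, NULL).
 * On non-OpenBSD hosts the calls are compiled out so the file still builds.
 * Returns the number of rules processed, or -1 if a call failed. */
int apply_policy(const struct unveil_rule *rules, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++) {
#ifdef __OpenBSD__
        if (unveil(rules[i].path, rules[i].perms) == -1) {
            perror(rules[i].path);
            return -1;
        }
#else
        (void)rules[i];
#endif
    }
#ifdef __OpenBSD__
    if (unveil(NULL, NULL) == -1) {
        perror("unveil lock");
        return -1;
    }
#endif
    return (int)i;
}

/* The loose view from the thread: the whole tree readable and executable. */
static const struct unveil_rule loose_rules[] = {
    { "/", "rx" },
};

/* A tight view for a program that only needs to read /etc/hosts:
 * no 'x' anywhere, so nothing can be executed through this view. */
static const struct unveil_rule tight_rules[] = {
    { "/etc/hosts", "r" },
};

int main(void)
{
    if (policy_grants_exec(loose_rules, 1))
        puts("loose view: exec permitted; unveil does not confine children");

    if (apply_policy(tight_rules, 1) == -1)
        return 1;
#ifdef __OpenBSD__
    /* No "exec" or "proc" promise: even if an 'x' rule slipped in above,
     * execve(2) would now terminate the process. */
    if (pledge("stdio rpath", NULL) == -1) {
        perror("pledge");
        return 1;
    }
#endif
    FILE *fp = fopen("/etc/hosts", "r");
    if (fp != NULL) {
        puts("read inside the view allowed");
        fclose(fp);
    }
    /* Outside the unveiled set: on OpenBSD this open fails with ENOENT. */
    if (fopen("/tmp/scratch-file", "w") == NULL)
        puts("write outside the view refused");
    return 0;
}
```

Run it on OpenBSD to see the read succeed and the write outside the view fail; the order matters, since unveil rules must be installed before a pledge that omits the "unveil" promise.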