On Tue, Oct 24, 2017 at 12:31:50PM +0200, Peter J. Philipp wrote:
> [...]
>
> Here is the output of the last few lines:
>
> backing up file: /etc/spwd.db
> cpio: Unable to open /etc/spwd.db to read: Operation not permitted
> open: No such file or directory
> file was
> /tmp/backup/65f874c895d11c2ff614ee33f0ba623ff9f24000a9726a9418340380b4333b66-1024-78735-1.cpio

the ability of opening /etc/spwd.db is a privileged operation that requires the program to be unpledged. so if this part of your code runs under pledge(2), it will not be able to read the file, whatever the promises it made.

several syscalls are forbidden when pledged. here, it is the ability to open a specific file that contains sensitive information which is forbidden. but we were nice: your program isn't killed by trying to open it (you got an EPERM error), whereas it would be killed if it tries to call a forbidden syscall, like chroot(2) for example.

> And here is a userland demonstration of why cpio doesn't work for
> backing up this file:
>
> beta# cpio -o -F spwd.db
> /etc/spwd.db
> cpio: Unable to open /etc/spwd.db to read: Operation not permitted
>
> This is why I asked if the pledge is too tight on cpio.

I agree that it could be disappointing. but cpio is pledged, so it couldn't open /etc/spwd.db, because we considered this operation as a privileged operation.

in order to back up this file, you need another tool. someone already mentioned dump(8) as an example.

thanks.
-- 
Sebastien Marie
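Because cpio reports the refused open as an ordinary error and still writes an archive, a backup job that wraps it has to check its own log to notice that a file is missing. The following is an added example, not part of the original thread or of the backup tool discussed in it; it assumes the log format quoted above, and the function names and the sample log are constructed.

```shell
#!/bin/sh
# Added example: detect files that cpio could not read during a backup run,
# so an archive without /etc/spwd.db is not mistaken for a complete backup.

# Constructed sample log, modelled on the output quoted in the message above.
# The /etc/passwd and /etc/group entries are invented for illustration.
sample_log() {
cat <<'EOF'
backing up file: /etc/passwd
backing up file: /etc/spwd.db
cpio: Unable to open /etc/spwd.db to read: Operation not permitted
backing up file: /etc/group
EOF
}

# Read a backup log on stdin. Print one "MISSING <path> (<reason>)" line per
# file cpio failed to open, then a summary line. Exit status is 1 if any
# file was skipped, 0 otherwise.
check_backup_log() {
    awk '
    /^backing up file: / { total++ }
    /^cpio: Unable to open .* to read: / {
        rest = substr($0, 22)              # drop "cpio: Unable to open "
        cut = index(rest, " to read: ")    # separator before the reason
        printf "MISSING %s (%s)\n", substr(rest, 1, cut - 1), substr(rest, cut + 10)
        bad++
    }
    END {
        printf "%d of %d files archived\n", total - bad, total
        exit (bad > 0)
    }'
}

# Stand-alone run over the constructed log.
sample_log | check_backup_log || echo "backup incomplete"
```

A non-zero status here is the signal to fetch the listed files with a different tool, such as the dump(8) suggestion in the reply, before the run is treated as a usable backup.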

