Hi, this is the first attempt to bring pledge into ftpd. The main ftpd process can't use pledge for now because of possible chroot(2) calls. But the two forks after user login are pledged with this diff.
I tested it manually and with the ftpd's regression tests. OK? bye, Jan Index: monitor.c =================================================================== RCS file: /cvs/src/libexec/ftpd/monitor.c,v retrieving revision 1.26 diff -u -p -r1.26 monitor.c --- monitor.c 28 Jun 2019 13:32:53 -0000 1.26 +++ monitor.c 13 May 2021 14:31:35 -0000 @@ -295,11 +295,17 @@ handle_cmds(void) sizeof(slavequit)); break; case AUTH_SLAVE: + if (pledge("stdio rpath inet recvfd sendfd " + "wpath cpath proc tty getpw", NULL) == -1) + fatalx("pledge"); /* User-privileged slave */ debugmsg("user-privileged slave started"); return; /* NOTREACHED */ case AUTH_MONITOR: + if (pledge("stdio inet sendfd recvfd proc", + NULL) == -1) + fatalx("pledge"); /* Post-auth monitor */ debugmsg("monitor went into post-auth phase"); state = POSTAUTH;
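Review bot: the AUTH_SLAVE promise string ("stdio rpath inet recvfd sendfd wpath cpath proc tty getpw") is wide for the user-privileged slave, and nothing in the hunk says which code path needs each promise. A short comment above the call naming the consumer of "proc", "tty" and "getpw" in particular would make the set reviewable and easier to narrow later; the same applies to "proc" in the AUTH_MONITOR case. The new calls also sit above the existing "/* User-privileged slave */" and "/* Post-auth monitor */" comments, which reads better the other way round. Separately, both failure paths call fatalx("pledge") with the identical string, so a log line cannot tell the slave from the post-auth monitor, and if fatalx follows the errx convention of not appending errno the reason for the failure is lost; distinct messages that include strerror(errno) would fix both.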