On Thu, May 13, 2021 at 10:40:40AM -0600, Theo de Raadt wrote:
> + if (pledge("stdio rpath inet recvfd sendfd "
> + "wpath cpath proc tty getpw", NULL) == -1)
>
> Please change the order:
>
> stdio rpath wpath cpath inet recvfd sendfd proc tty getpw
>
> (It remains extremely permissive).
Yes. Further refactoring may reduce the needed syscalls in the future? OK? Thanks, Jan Index: monitor.c =================================================================== RCS file: /cvs/src/libexec/ftpd/monitor.c,v retrieving revision 1.26 diff -u -p -r1.26 monitor.c --- monitor.c 28 Jun 2019 13:32:53 -0000 1.26 +++ monitor.c 13 May 2021 17:12:18 -0000 @@ -295,11 +295,17 @@ handle_cmds(void) sizeof(slavequit)); break; case AUTH_SLAVE: + if (pledge("stdio rpath wpath cpath inet recvfd" + " sendfd proc tty getpw", NULL) == -1) + fatalx("pledge"); /* User-privileged slave */ debugmsg("user-privileged slave started"); return; /* NOTREACHED */ case AUTH_MONITOR: + if (pledge("stdio inet sendfd recvfd proc", + NULL) == -1) + fatalx("pledge"); /* Post-auth monitor */ debugmsg("monitor went into post-auth phase"); state = POSTAUTH;
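Review bot: Both new pledge() calls in handle_cmds() fail with the identical message fatalx("pledge"), so a log entry will not say whether the AUTH_SLAVE or the AUTH_MONITOR call was the one that failed; naming the case in each message would make a failure diagnosable. The AUTH_SLAVE promise string is broad (rpath, wpath, cpath, proc, tty and getpw together) and carries no comment on which code path needs each promise; a short comment above the call would make the later narrowing mentioned in the thread easier to review. Minor: the promise order differs between the two calls ("recvfd" then "sendfd" in the slave case, "sendfd recvfd" in the monitor case), and the slave string is split with a leading space in the continuation literal; using one order and one splitting style in both would read more cleanly.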