On Wed, Mar 30, 2016 at 01:39:51AM -0500, Luke Small wrote:
> There are numerous issues. I have two cases of pledge calls in one program:

"one program"? Which program? I will assume it is one of your personal
programs.

> First the program should require stdio,proc,exec (I fork(), execl(), open
> and close file descriptors using fdopen() and used dup2()) and use
> functionality to call fopen("/etc/pkg.conf", "w"); as a normal user or root
> user without it crashing.
> 
> 
> In the first case, I merely call pledge("stdio,proc", NULL); at the
> beginning of main() and it works.

"stdio,proc" is invalid syntax. Your pledge(2) call should have returned
EINVAL and not applied any promises. The right syntax would be "stdio proc".

> In the second case, I also add pledge("stdio", NULL); after the parts with
> the fork() and execl() calls have been completed and it crashes on the
> fopen("/etc/pkg.conf", "w"); call whether I'm the normal user or I'm root.

pledge(2) doesn't make a difference between root and a normal user. Your
program pledged that it will only do certain things and then does something
different: it is a bug, it dies, whatever the uid.

Next, for opening a file, "stdio" isn't enough. For calling fopen() with
'w' mode, you need "cpath wpath" (fopen will use open(2) with O_WRONLY |
O_CREAT | O_TRUNC).

So:
  - first call: pledge("stdio wpath cpath proc exec", NULL)
        (because execl(2) will require "exec" promise)

  - second call: pledge("stdio wpath cpath", NULL)

And check the return value of pledge(2). The common idiom is:

  if (pledge("foo bar", NULL) == -1)
        err(EXIT_FAILURE, "pledge");

Thanks.
-- 
Sebastien Marie
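
The two-stage pledge sequence from the reply above, as an added example that is not part of the original message or of the poster's program. The function run_then_write() and the /dev/null target are hypothetical, and the pledge() stand-in compiled on systems other than OpenBSD is an assumption that only checks promise names so the flow can be built and tested there.

```c
#include <err.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef __OpenBSD__
/* ASSUMPTION: stand-in for non-OpenBSD builds; it only checks promise names. */
static int pledge(const char *p, const char *execpromises)
{
	static const char known[] = " stdio wpath cpath proc exec ";
	char tok[16], key[18];
	int n;
	(void)execpromises;
	for (; sscanf(p, " %15[^ ]%n", tok, &n) == 1; p += n) {
		snprintf(key, sizeof(key), " %s ", tok);   /* "stdio,proc" is one token */
		if (strstr(known, key) == NULL) { errno = EINVAL; return -1; }
	}
	return 0;
}
#endif

/* Hypothetical helper: fork/exec first, then narrow promises and write `path`. */
int run_then_write(const char *path)
{
	FILE *fp;
	pid_t pid;
	if (pledge("stdio wpath cpath proc exec", NULL) == -1)
		err(EXIT_FAILURE, "pledge");
	if ((pid = fork()) == -1)
		return -1;
	if (pid == 0) {
		execl("/bin/sh", "sh", "-c", "exit 0", (char *)NULL);  /* needs "exec" */
		_exit(127);
	}
	if (waitpid(pid, NULL, 0) == -1)
		return -1;
	if (pledge("stdio wpath cpath", NULL) == -1)   /* proc and exec dropped */
		err(EXIT_FAILURE, "pledge");
	if ((fp = fopen(path, "w")) == NULL)           /* needs "wpath cpath" */
		return -1;
	fputs("written after the second pledge\n", fp);
	return fclose(fp);
}

int main(void)
{
	return run_then_write("/dev/null") == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```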
