Hi,

I've refactored my code and added imsg and privsep in a chroot.  Nothing
has changed.  Still ugly code of mine and still unable to cpio
/etc/spwd.db into a cpio file.  Only added bonus is that I was able to
tighten the pledge() in my code a wee bit.

Here is my (refactored) code:

http://centroid.eu/private/rbdaemon2.c.txt

Here is the output of the last few lines:

backing up file: /etc/spwd.db
cpio: Unable to open /etc/spwd.db to read: Operation not permitted
open: No such file or directory
file was
/tmp/backup/65f874c895d11c2ff614ee33f0ba623ff9f24000a9726a9418340380b4333b66-1024-78735-1.cpio

And here is a userland demonstration of why cpio doesn't work for
backing up this file:

beta# cpio -o -F spwd.db
/etc/spwd.db
cpio: Unable to open /etc/spwd.db to read: Operation not permitted

This is why I asked if the pledge is too tight on cpio.

Regards,

-peter


On 10/23/17 19:25, Theo de Raadt wrote:
> Oh hahahahahah, you are trying to back up / including this file /etc/spwd.db
> which you are not allowed to read!
>
> Look, your design is flawed.  Look at your pledge call:
>
>      stdio cpath rpath wpath inet dns exec proc
>
> Basically, you want your program to be able to do everything.
>
> pledge isn't a wand you wave over software and then it is secure.  The
> subsets of POSIX which remain come with downsides which you MUST
> consider.
>
> You aren't listening to what pledge is telling you -- that if you want
> security, you should redesign it to operate in a privsep fashion.
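The privsep shape Theo is pointing at, as an added example (not Peter's rbdaemon2.c and not OpenBSD's imsg code): a privileged parent opens the file and passes the open descriptor over a socketpair with SCM_RIGHTS, the same mechanism imsg uses to hand fds between processes, to a forked worker that never opens files itself. It is plain POSIX C so it runs where pledge() does not exist; on OpenBSD the worker, which only read()s what it is given, could pledge down to "stdio". The function names pass_fd and privsep_read are made up for this example.

```c
#include <sys/socket.h>
#include <sys/wait.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

/* Move one descriptor across a UNIX socket with SCM_RIGHTS.  receive == 0
 * sends fd and returns 0/-1; otherwise returns the received fd, or -1. */
static int pass_fd(int sock, int fd, int receive)
{
    char byte = 0;                   /* SCM_RIGHTS needs at least one data byte */
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr h; char b[CMSG_SPACE(sizeof(int))]; } u = { { 0 } };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = &u, .msg_controllen = sizeof(u) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    if (!receive) {
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof(int));
        return sendmsg(sock, &m, 0) == 1 ? 0 : -1;
    }
    if (recvmsg(sock, &m, 0) != 1 || (c = CMSG_FIRSTHDR(&m)) == NULL ||
        c->cmsg_type != SCM_RIGHTS)
        return -1;                   /* EOF or no descriptor attached */
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Privileged parent opens `path` and hands the descriptor to a forked worker
 * that never calls open().  Returns 1 if the worker read exactly `expected`. */
int privsep_read(const char *path, const char *expected)
{
    int sv[2], status, fd, pid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1 || (pid = fork()) == -1)
        return 0;
    if (pid == 0) {                  /* worker: may only read() what it is handed */
        close(sv[0]);
        char got[128] = { 0 };       /* read(-1) fails, which counts as failure */
        ssize_t n = read(pass_fd(sv[1], -1, 1), got, sizeof(got) - 1);
        _exit(n >= 0 && strcmp(got, expected) == 0 ? 0 : 1);
    }
    close(sv[1]);                    /* parent: the only process that opens files */
    if ((fd = open(path, O_RDONLY)) != -1) {
        pass_fd(sv[0], fd, 0);
        close(fd);                   /* the worker now holds its own copy */
    }
    close(sv[0]);                    /* EOF tells the worker nothing is coming */
    return waitpid(pid, &status, 0) == pid && status == 0;
}
```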
