On Thu, Nov 25, 2021 at 04:55:23AM -0600, Luke Small wrote:
> I ran ktrace. Kdump said the last thing it did was try to load
> /usr/libexec/ld.so
>
> To main(), before the unveil pledge is dropped, I added:
>
> if (unveil("/usr/libexec/", "rx") == -1)
>         err(1, "unveil, line: % d", __LINE__);
>
> After running it again, it spits out an error message:
>
> ld.so: pkg_ping: can't load library 'libc.so.96.1'
>
> So I put in:
>
> if (unveil("usr/lib/", "rx") == -1)
>         err(1, "unveil, line: %d", __LINE__);
>
> Now it successfully execv()s into the new process space!
> Now in the newly created program, which hasn’t set new pledge execpromises,
> it won’t successfully run ftp(1) because it wasn’t granted the inet
> execpromise.
>
> execpromises seems to have carried over!

Don't use execpromises. That feature is not working and no tool in OpenBSD
uses it.

-- 
:wq Claudio