On Thu, Nov 25, 2021 at 04:55:23AM -0600, Luke Small wrote:
> I ran ktrace. Kdump said the last thing it did was try to load
> /usr/libexec/ld.so
> 
> To main(), before the unveil pledge is dropped, I added:
> 
>         if (unveil("/usr/libexec/", "rx") == -1)
>                 err(1, "unveil, line: %d", __LINE__);
> 
> After running it again, it spits out an error message:
> 
> ld.so: pkg_ping: can't load library 'libc.so.96.1'
> 
> So I put in:
> 
>         if (unveil("/usr/lib/", "rx") == -1)
>                 err(1, "unveil, line: %d", __LINE__);
> 
> Now it successfully execv()s into the new process space!
> Now in the newly created program, which hasn’t set new pledge execpromises,
> it won’t successfully run ftp(1) because it wasn’t granted the inet
> execpromise.
> 
> execpromises seem to have carried over!

Don't use execpromises. That feature is not working and no tool in OpenBSD
uses it.

-- 
:wq Claudio
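
The sequence discussed in this thread, as an added example that is not code from either poster: it unveils the two directories the thread identified for ld.so and libc, then pledges with NULL execpromises as the reply advises. The `restrict_for_exec` helper, the `"x"` unveil of the target, the `unveil(NULL, NULL)` lock and the `"stdio exec"` promise string are assumptions; the stubs exist only so the file builds on systems other than OpenBSD.

```c
#include <err.h>
#include <stddef.h>
#include <unistd.h>

#ifndef __OpenBSD__
/* Stand-ins so the sketch builds on other systems; they restrict nothing. */
static int unveil(const char *p, const char *perms) { (void)p; (void)perms; return 0; }
static int pledge(const char *p, const char *ep) { (void)p; (void)ep; return 0; }
#endif

/* Directories the thread found a dynamically linked program needs at exec. */
static const char *const exec_dirs[] = {
	"/usr/libexec/",	/* ld.so, the run-time linker */
	"/usr/lib/",		/* libc.so and the other shared libraries */
};

/* Hypothetical helper: returns 0 on success, -1 with errno set on failure. */
int
restrict_for_exec(const char *prog)
{
	size_t i;

	for (i = 0; i < sizeof(exec_dirs) / sizeof(exec_dirs[0]); i++)
		if (unveil(exec_dirs[i], "rx") == -1)
			return -1;
	/* Assumed additions: expose only the target, then lock the unveil list. */
	if (unveil(prog, "x") == -1 || unveil(NULL, NULL) == -1)
		return -1;
	/* NULL as the second argument leaves execpromises unchanged. */
	return pledge("stdio exec", NULL);
}

int
main(int argc, char *argv[])
{
	if (argc < 2)
		errx(1, "usage: %s /path/to/program [args]", argv[0]);
	if (restrict_for_exec(argv[1]) == -1)
		err(1, "unveil/pledge");
	execv(argv[1], &argv[1]);
	err(1, "execv %s", argv[1]);	/* reached only if execv failed */
}
```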
