Theo de Raadt writes:
>> Grmbl. I've hard a hard time trying to understand *why* this would be
>> needed. The answer is pledge(2), who makes chmod(2) fail with EPERM
>> instead of killing the process.
>>
>> I find this confusing. IMO pledge(2) should let the kernel
> Grmbl. I've hard a hard time trying to understand *why* this would be
> needed. The answer is pledge(2), who makes chmod(2) fail with EPERM
> instead of killing the process.
>
> I find this confusing. IMO pledge(2) should let the kernel do the
> appropriate security checks for chown(2).
"Todd C. Miller" writes:
> On Wed, 11 Nov 2015 23:30:48 +0100,
> =?utf-8?Q?J=C3=A9r=C3=A9mie_Courr=C3=A8ges-
> Anglas?= wrote:
>
>> "Todd C. Miller" writes:
>>
>> > On Wed, 11 Nov 2015 14:43:47 -0700, "Todd C. Miller" wrote:
>> >
>> >>