> > + if (pledge("stdio rpath getpw proc wpath cpath > > inet ioctl sendfd recvfd", > > + NULL) == -1) { > > + fatalx("pledge"); > > + } > > whoa, still a big list of promises, and some are a bit unexpected for > me. could you explain the need for them ? > > I mean, if "rpath wpath cpath" are expected for a daemon that serve > files, "ioctl" for example is more questionable. could you explain > quickly why or where ftpd needs them ?
Pretty sure that "ioctl" promise can be replaced with "tty". retrieve() -> ftpd_popen() -> ls_main() /usr/src/bin/ls/ls_main.c:121 contains a call to "ioctl(STDOUT_FILENO, TIOCGWINSZ, &win)". I'm a bit worried about this execv() call in popen.c:143 in ftpd_popen() Are you sure this can't be reached? Otherwise an "exec" promise would probably also be needed.