On Fri, Jul 19, 2019 at 09:43:14PM +0200, Jesper Wallin wrote:
> Hi all,
> 
> When using vi(1) with secure mode (-S), both 'proc' and 'exec' are
> stripped from the pledge promise.  This breaks the :pre[serve] command
> as it uses fork(2).  This is broken on 6.4, 6.5 and -current.
> 
> Re-add the 'proc' promise, even when running in secure mode.
> 
> 
> Jesper Wallin

vi(1) is calling fork(2) here because it intends to exec the sendmail
wrapper, which will not succeed without the exec promise.

 50282 vi       CALL  stat(0xb0a2508fb5,0x7f7ffffe3e80)
 50282 vi       NAMI  "/usr/sbin/sendmail"
 50282 vi       STRU  struct stat { dev=1029, ino=103994, mode=-r-xr-xr-x , nlink=1, uid=0<"root">, gid=7<"bin">, rdev=419648, atime=1562946228<"Jul 12 11:43:48 2019">, mtime=1562946228<"Jul 12 11:43:48 2019">, ctime=1562956860<"Jul 12 14:41:00 2019">.345836594, size=10696, blocks=24, blksize=16384, flags=0x0, gen=0x0 }
 50282 vi       RET   stat 0
 50282 vi       CALL  kbind(0x7f7ffffe3db0,24,0xcfec3cf125b97ff7)
 50282 vi       RET   kbind 0
 50282 vi       CALL  fork()
 50282 vi       PLDG  fork, "proc", errno 1 Operation not permitted
 50282 vi       PSIG  SIGABRT SIG_DFL code <1210892288>
 50282 vi       NAMI  "vi.core"

In the non-secure case, you'll see:
 78700 vi       CALL  execve(0xe73ebd08fb5,0x7f7ffffb9340,0xe76e34b8300)
 78700 vi       NAMI  "/usr/sbin/sendmail"
 78700 vi       ARGS  
        [0] = "sendmail"
        [1] = "-t"
..

I suspect that in secure/-S mode, the :pre[serve] should either be
disabled, or modified to stop calling sendmail. The mail it is sending
is purely advisory, and should be easy to disable. See common/recover.c.

-Bryan.
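
An added example, not part of the original message or of vi(1): a small Python parser for kdump(1) output that picks out pledge violations like the one in the trace above, pairing each PLDG record with the last path the process looked up and the signal that followed. The sample lines are copied from the trace in the message; the function, class and field names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Sample input: records copied from the kdump trace quoted in the message.
SAMPLE = '''\
 50282 vi       CALL  stat(0xb0a2508fb5,0x7f7ffffe3e80)
 50282 vi       NAMI  "/usr/sbin/sendmail"
 50282 vi       RET   stat 0
 50282 vi       CALL  kbind(0x7f7ffffe3db0,24,0xcfec3cf125b97ff7)
 50282 vi       RET   kbind 0
 50282 vi       CALL  fork()
 50282 vi       PLDG  fork, "proc", errno 1 Operation not permitted
 50282 vi       PSIG  SIGABRT SIG_DFL code <1210892288>
 50282 vi       NAMI  "vi.core"
'''

# A kdump record: pid, command name, record type, then the payload.
REC = re.compile(r'^\s*(\d+)\s+(\S+)\s+([A-Z]+)\s+(.*)$')
PLDG = re.compile(r'^(\w+), "([^"]*)", errno (\d+)')

@dataclass
class Violation:
    pid: int
    comm: str
    syscall: str               # system call that pledge refused
    promise: str               # promise the process was missing
    errno: int
    last_path: Optional[str]   # last NAMI seen before the violation
    signal: Optional[str]      # signal delivered afterwards, if traced

def pledge_violations(text):
    """Return one Violation per PLDG record found in kdump output."""
    last_path, pending, found = {}, {}, []
    for line in text.splitlines():
        m = REC.match(line)
        if not m:
            continue  # continuation lines (wrapped STRU, ARGS entries)
        pid, comm, kind, rest = int(m[1]), m[2], m[3], m[4]
        if kind == "NAMI":
            last_path[pid] = rest.strip().strip('"')
        elif kind == "PLDG" and (p := PLDG.match(rest)):
            v = Violation(pid, comm, p[1], p[2], int(p[3]), last_path.get(pid), None)
            pending[pid] = v
            found.append(v)
        elif kind == "PSIG" and pid in pending:
            pending.pop(pid).signal = rest.split()[0]
    return found
```

On the sample it reports a single violation: vi (pid 50282) called fork without the "proc" promise right after looking up /usr/sbin/sendmail, and was killed with SIGABRT.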
