On 2020-05-03 12:13, Stuart Henderson wrote:
> On 2020/05/02 20:19, Demi M. Obenour wrote:
>> The following patch tightens the pledges for ftp(1).
>>
>> This guarantees that ftp(1) cannot spawn child processes when operating
>> in batch mode, which is a significant security win.
>
> It breaks interactive mode (!ls, more somefile, get somefile "|rot13"),
> something is wrong with how you decide that exec is needed.
>
> Also it complicates the code for the SMALL version used on the ramdisk
> (and maybe makes the pledge weaker too, the code is no longer easy to
> follow so I didn't work out for sure)

The ramdisk version should be fine. The variable `needs_exec` is initialized to 0, and it is never assigned to in SMALL mode, so the stronger pledges are used.

Sincerely,
Demi