On Tue, Oct 24, 2017 at 01:13:39PM +0200, Daniel Hartmeier wrote:
> On Tue, Oct 24, 2017 at 12:31:50PM +0200, Peter J. Philipp wrote:
>
> > beta# cpio -o -F spwd.db
> > /etc/spwd.db
> > cpio: Unable to open /etc/spwd.db to read: Operation not permitted
> >
> > This is why I asked if the pledge is too tight on cpio.
>
> Yes, I'd say you are right.
>
> Theo, run
>
>   # find /etc | cpio -o >/dev/null
>
> or
>
>   # tar cf /dev/null /etc
>
> Do you really expect that to fail for /etc/spwd.db?
>
> But grep or hexdump (both pledged, too) work just fine on that file?
>
> Daniel
>
I redid some checks.

The "problem" is that you get EPERM if you pledged for "getpw" and try to open /etc/spwd.db, whereas if you don't have it (well, "rpath" is still necessary), it can open the file.

The semantic of failing for every call of open on /etc/spwd.db was done at some point, but reverted later (it broke pwd_mkdb).

I agree the current behaviour isn't really consistent (EPERM if "getpw" and no problem without).

I think the purpose was initially to avoid a pledged root program opening and putting in memory the content of /etc/spwd.db when password access was not strictly required. Maybe it could be revisited.
-- 
Sebastien Marie