> > beta# cpio -o -F spwd.db
> > /etc/spwd.db
> > cpio: Unable to open /etc/spwd.db to read: Operation not permitted
> >
> > This is why I asked if the pledge is too tight on cpio.
>
> Yes, I'd say you are right.
>
> Theo, run
>
> # find /etc | cpio -o >/dev/null
>
> or
>
> # tar cf /dev/null /etc
>
> Do you really expect that to fail for /etc/spwd.db?

Yes. Absolutely. No pledged process can read password hashes. pledge is being misused here.