On 1/21/21 3:06 PM, Theo de Raadt wrote:
>> This is just testing with the most permissible settings.
> That statement is wrong. The most permissible setting is to not use
> pledge, and use full POSIX.
>

True, perhaps that explains it. I should have done more testing and not assumed it might be an upstream issue so readily, and could be fixed like syscall 74.

> pledge use should be based upon informed decisions after study of
> everything a program needs to do, rather than slapping it in and then in
> an uneducated fashion complaining about the result not meeting
> expectations.
>
> People using pledge in high-level language programs are making
> uninformed decisions, since the high-level language environments perform
> many complicated operations.
>

I will give this some consideration, especially wrt upstream changes that will not see pledge calls. Perhaps I should limit pledge use to Go code that does not use any libraries or drop it altogether. Unveil is still useful.

> Your problem report is useless. You don't supply source, you don't show
> what is going on, yet you want hand-holding. You don't trace what the
> program or the heavy-environment is doing.

I could decouple the source from my libraries and provide the source and the full trace. Do you want it? I don't need execpromises anyway so I'd be doing it mainly for Go users.

The program simply modifies /dev/speaker permissions, drops privs to an unprivileged user, unveils and then executes.

"/bin/sh -c echo A > /dev/speaker"