On Wed, Nov 24, 2021 at 10:55:56PM -0600, Luke Small wrote:
> I took a hard look at it again…with more printf()s.
>
> It is killed at the execv which calls the calling executable to get
> different random number generated values with a slightly different argv set
> to prevent an indefinite loop.
>
> I put the following in before the execv:
>
> int i = pledge("stdio exec rpath",
> "stdio exec proc rpath cpath wpath dns id unveil tty error");
> if (i == -1)
> err(1, "pledge, line: %d", __LINE__);
>
> After doing this it would dmesg rpath. I had to unveil(argv[0], "rx");
> argv[0] which is “./pkg_ping” or “/full/path/to/pkg_ping” instead of having
> it as merely unveil(argv[0], "x"); which worked before.
>
> Now it gets shot in the head and leaves nothing in dmesg
>
> Does that mean that if execpromises is set, that it will get killed at
> every execve() series call? Does pledge/unveil not accept directly
> execv()ing back into the same program? Is it trying to read another file
> which unveil is still affecting?
if it is killed at execve(2), execpromises has nothing to do here (but
without seeing the whole code it is hard to be sure).
From the small code you show, it seems that "proc" promise is missing
from your promises (first pledge(2) argument). You are unable to call
fork(2) without it, and the program will be killed.
If the code you are using is restricted and can't be shown, please at
least show a ktrace output of the program run. At this point I am
still unsure that it is execve(2) which is causing pledge violation.
--
Sebastien Marie
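
An added example, not part of the original messages: one way to read the ktrace output requested above is to filter kdump(1) for PLDG records, which name the syscall that was refused and the promise it needed. The function names and the sample trace are constructed for illustration; the PLDG line layout is assumed to match what kdump prints on OpenBSD.

```shell
#!/bin/sh
# On OpenBSD the input would come from:
#   ktrace -i ./pkg_ping      # -i: children inherit the trace
#   kdump | pledge_violations # kdump reads ./ktrace.out by default

# Constructed sample trace (not output from the poster's program).
sample_kdump() {
cat <<'EOF'
 41822 pkg_ping CALL  fork()
 41822 pkg_ping PLDG  fork, "proc", errno 1 Operation not permitted
 41822 pkg_ping PSIG  SIGABRT SIG_DFL
EOF
}

# Print one line per pledge violation: pid, refused syscall, the promise
# that would have allowed it, and whether that pid had already called
# execve(2) earlier in the trace.
pledge_violations() {
    awk '
    {
        # Locate the record type; fields 1 and 2 are pid and command.
        for (i = 3; i <= NF; i++)
            if ($i == "CALL" || $i == "PLDG") break
        if (i > NF) next
        if ($i == "CALL") {
            if ($(i + 1) ~ /^execve\(/) execd[$1] = 1
            next
        }
        sc = $(i + 1); sub(/,$/, "", sc)      # "fork,"    -> fork
        pr = $(i + 2); gsub(/[",]/, "", pr)   # "\"proc\"," -> proc
        if (pr == "") pr = "none"
        printf "pid=%s syscall=%s promise=%s execve_seen=%s\n",
            $1, sc, pr, (($1 in execd) ? "yes" : "no")
    }'
}

sample_kdump | pledge_violations
```

If execve_seen is "no" for the reported pid, the violation happened before any exec, so execpromises cannot be the cause.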