By now we are already confident that pledge(2) "just works(tm)" and that it can

be used to effectively remove filesystem access.

That being said, in spamd(8) when I pledge(2)d it the main priv process got
"stdio inet" which means there's no fs access at all so calling
chroot(2)/chdir(2) here doesn't get us any additional protection. Just remove
them.

OK deraadt@ and no objections from schwarze@

1 files changed, 1 insertions, 10 deletions

diff --git a/libexec/spamd/spamd.c b/libexec/spamd/spamd.c
index 84935e9df33..446a97f57aa 100644
--- a/libexec/spamd/spamd.c
+++ b/libexec/spamd/spamd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: spamd.c,v 1.155 2018/10/22 17:31:24 krw Exp $	*/
+/*	$OpenBSD: spamd.c,v 1.156 2019/08/06 13:34:36 mestre Exp $	*/
 
 /*
  * Copyright (c) 2015 Henning Brauer <henning@openbsd.org>
@@ -1519,15 +1519,6 @@ main(int argc, char *argv[])
 			}
 			close(trappipe[1]);
 
-			if (chroot("/var/empty") == -1) {
-				syslog(LOG_ERR, "cannot chroot to /var/empty.");
-				exit(1);
-			}
- 			if (chdir("/") == -1) {
-				syslog(LOG_ERR, "cannot chdir to /");
-				exit(1);
-			}
-
 			if (setgroups(1, &pw->pw_gid) ||
 			    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
 			    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))