ok with 2 comments below
Rob Pierce(r...@2keys.ca) on 2017.08.11 16:35:21 -0400:
> The following diff pledges two of three processes in snmpd: the parent snmpd
> process and the trap handler. We cannot currently pledge snmpe as snmp
> requests
> asking for privileged kernel info are disallowed by pledge.
>
> I have included a commented pledge block in snmpe.c below (which will not be
> committed) which I believe would be possible if we moved the code that
> violates pledge to another unpledged process. If we think that is worth while
> I could pursue it further.
>
> In the mean time I am looking for comments and/or ok's for the snmpd.c and
> traphandler.c diffs below.
>
> This passes the newly committed snmpd regression tests.
>
> Regards,
>
> Rob
try to sort the pledge arguments in this order:
stdio rpath wpath cpath fattr flock inet unix dns route mcast dns id getpw \
proc recvfd sendfd exec tty
> Index: snmpd.c
> ===
> RCS file: /cvs/src/usr.sbin/snmpd/snmpd.c,v
> retrieving revision 1.36
> diff -u -p -r1.36 snmpd.c
> --- snmpd.c 4 Apr 2017 02:37:15 - 1.36
> +++ snmpd.c 11 Aug 2017 20:10:50 -
> @@ -255,6 +255,9 @@ main(int argc, char *argv[])
>
> proc_connect(ps);
>
> + if (pledge("stdio rpath cpath sendfd dns proc exec id", NULL) == -1)
> + fatal("pledge");
> +
> event_dispatch();
>
> log_debug("%d parent exiting", getpid());
> Index: snmpe.c
> ===
> RCS file: /cvs/src/usr.sbin/snmpd/snmpe.c,v
> retrieving revision 1.48
> diff -u -p -r1.48 snmpe.c
> --- snmpe.c 27 Jul 2017 14:04:16 - 1.48
> +++ snmpe.c 11 Aug 2017 20:10:50 -
> @@ -105,6 +105,10 @@ snmpe_init(struct privsep *ps, struct pr
> snmpe_recvmsg, env);
> event_add(&so->s_ev, NULL);
> }
> +/*
> + if (pledge("stdio recvfd inet vminfo route", NULL) == -1)
> + fatal("pledge");
> + */
add a XXX not enabled because foobarbaz
> }
>
> void
> Index: traphandler.c
> ===
> RCS file: /cvs/src/usr.sbin/snmpd/traphandler.c,v
> retrieving revision 1.8
> diff -u -p -r1.8 traphandler.c
> --- traphandler.c 9 Jan 2017 14:49:22 - 1.8
> +++ traphandler.c 11 Aug 2017 20:10:50 -
> @@ -96,6 +96,9 @@ traphandler_init(struct privsep *ps, str
> struct snmpd*env = ps->ps_env;
> struct listen_sock *so;
>
> + if (pledge("stdio recvfd proc exec id", NULL) == -1)
> + fatal("pledge");
> +
> if (!env->sc_traphandler)
> return;
>
>