On Mon, Sep 24, 2018 at 10:53:47PM -0600, Theo de Raadt wrote:
> Ugh. A diff which doens't check error returns. Averting my gaze
> is similar to "no way". Hope you have another quarter, because you
> need to try again
Oops... new coin inserted. I decided to create a fatal_perror()
function
Ugh. A diff which doens't check error returns. Averting my gaze
is similar to "no way". Hope you have another quarter, because you
need to try again
Michael Mikonos wrote:
> Hello,
>
> I haven't tried using unveil() before but yacc cleanly annotates
> all the files it needs in open_files().
Hello,
I haven't tried using unveil() before but yacc cleanly annotates
all the files it needs in open_files(). The options -d -r -v each
cause an extra file to be written. unveil() is only needed for
the input file if not reading from stdin. Temporary files are
always under /tmp because TMPDIR
Hi tech@,
According to netcat source code, the `-T' option not only takes effect
in IPv4 but also IPv6:
if (Tflag != -1) {
if (af == AF_INET && setsockopt(s, IPPROTO_IP,
IP_TOS, , sizeof(Tflag)) == -1)
err(1, "set IP ToS");
hostsaddrinfo() is called from hosts() for non-IP keys, e.g.
`getent hosts foo openbsd.org'.
Using getnameinfo(2) simplifies the code, makes it less address family
specific and plays nicely with previously used getaddrinfo(2).
While here, make function paramter `const', sort stack variables by
On Mon, 24 Sep 2018 09:41:02 -0600, "Theo de Raadt" wrote:
> > I wonder if we can do unveil(NULL, NULL) for getent databases without
> > an explicit file. A quick test seems to work for dns.
>
> If the pledge lacks "unveil", you get the same effect.
Am I correct in thinking that the veil is not
On Mon, Sep 24, 2018 at 08:56:14PM +0100, Ricardo Mestre wrote:
> I actually prefer to see it go away since it doesn't protect us much and the
> real meat is actually on the pledge(2) inside the loop. Nevertheless this
> still
> should on a separate commit.
OK kn
I actually prefer to see it go away since it doesn't protect us much and the
real meat is actually on the pledge(2) inside the loop. Nevertheless this still
should on a separate commit.
OK?
Index: getent.c
===
RCS file:
On Mon, Sep 24, 2018 at 10:49:42AM +0100, Ricardo Mestre wrote:
> Comments? OK? The initial pledge(2) is so short lived that I was tempted to
> remove it, but I'm open to suggestions :)
Is there any compelling reason to keep the initial superset pledge?
Without it, the only code paths without
On Mon, Sep 24, 2018 at 09:33:50AM -0600, Todd C. Miller wrote:
> I wonder if we can do unveil(NULL, NULL) for getent databases without
> an explicit file. A quick test seems to work for dns.
Same thought here at first, but we're pledging without "unveil" promise
after unveiling files so no need
Todd C. Miller wrote:
> On Mon, 24 Sep 2018 09:21:17 -0600, "Theo de Raadt" wrote:
>
> > Only passwd, group, netid, and ethers are supported. Well, there
> > is hosts (== networks in our case) but that translation happens
> > seperately.
>
> That's what I thought from a grep of libc. So I
On Mon, 24 Sep 2018 09:21:17 -0600, "Theo de Raadt" wrote:
> Only passwd, group, netid, and ethers are supported. Well, there
> is hosts (== networks in our case) but that translation happens
> seperately.
That's what I thought from a grep of libc. So I don't see any
reason why Ricardo's diff
Todd C. Miller wrote:
> On Mon, 24 Sep 2018 13:46:51 +0100, Ricardo Mestre wrote:
>
> > Oh boy, I took a brief look into Makefile.yp(8), let's forget about
> > this since ALL of them can have YP maps (except for /etc/shells).
>
> Not all of those actually have plumbing in libc as far as I can
On Mon, 24 Sep 2018 13:46:51 +0100, Ricardo Mestre wrote:
> Oh boy, I took a brief look into Makefile.yp(8), let's forget about
> this since ALL of them can have YP maps (except for /etc/shells).
Not all of those actually have plumbing in libc as far as I can
tell. I think we only support
Looks good to me. Clever.
Oh boy, I took a brief look into Makefile.yp(8), let's forget about
this since ALL of them can have YP maps (except for /etc/shells).
On 06:20 Mon 24 Sep , Todd C. Miller wrote:
> On Mon, 24 Sep 2018 12:25:51 +0100, Ricardo Mestre wrote:
>
> > Wouldn't this be already contemplated by
On Mon, 24 Sep 2018 12:25:51 +0100, Ricardo Mestre wrote:
> Wouldn't this be already contemplated by pledge(getpw) on both group and
> passwd databases? I'm not touching those since they already whitelist
> all necessary files through pledge(2).
I think you are correct, it appears the getpw
Wouldn't this be already contemplated by pledge(getpw) on both group and
passwd databases? I'm not touching those since they already whitelist
all necessary files through pledge(2).
On 05:11 Mon 24 Sep , Todd C. Miller wrote:
> I doubt this will work on systems using YP or ypldap.
>
> -
I doubt this will work on systems using YP or ypldap.
- todd
Hi,
Since the databases that require rpath only need to access one file we can add
one attribute to the struct getentdb to identify which of those DBs we need
unveiled. For group/hosts/passwd the files are already whitelisted through
pledge(2) so I set them as NULL.
With that information we can
20 matches
Mail list logo