A go program that uses pledge("dns") mostly works except for two
incompatibilities with the way golang's dns library works. Otherwise
pledge("rpath") is required.

1. go likes to stat /etc/hosts to check for changes. I think this is
reasonable behavior. Patch below adds a whitelist to the kernel to permit
this. (libc does not currently cache results, but it could..?)

2. go tries to look for a file called mdns.allow which does not exist on openbsd.
There are several platform dependent branches in go/src/net/conf.go; trying to
read this file should be avoided on openbsd. Patch left as an exercise.

Point 2 is also trivially worked around by performing a dummy lookup of
localhost before enabling pledge, so no urgency, but point 1 requires a code
change somewhere.


Index: kern_pledge.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_pledge.c,v
retrieving revision 1.278
diff -u -p -r1.278 kern_pledge.c
--- kern_pledge.c       20 Jan 2022 03:43:30 -0000      1.278
+++ kern_pledge.c       30 Jan 2022 21:01:43 -0000
@@ -733,12 +733,17 @@ pledge_namei(struct proc *p, struct name
 
                break;
        case SYS_stat:
-               /* DNS needs /etc/resolv.conf. */
+               /* DNS needs /etc/{resolv.conf,hosts}. */
                if ((ni->ni_pledge == PLEDGE_RPATH) &&
-                   (pledge & PLEDGE_DNS) &&
-                   strcmp(path, "/etc/resolv.conf") == 0) {
-                       ni->ni_cnd.cn_flags |= BYPASSUNVEIL;
-                       return (0);
+                   (pledge & PLEDGE_DNS)) {
+                       if (strcmp(path, "/etc/resolv.conf") == 0) {
+                               ni->ni_cnd.cn_flags |= BYPASSUNVEIL;
+                               return (0);
+                       }
+                       if (strcmp(path, "/etc/hosts") == 0) {
+                               ni->ni_cnd.cn_flags |= BYPASSUNVEIL;
+                               return (0);
+                       }
                }
                break;
        }
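Review bot: the two inner `if` blocks in this hunk have identical bodies, so the original single-condition shape could be kept by extending the existing test to `strcmp(path, "/etc/resolv.conf") == 0 || strcmp(path, "/etc/hosts") == 0`, which makes the diff smaller and reads the same as the updated `/etc/{resolv.conf,hosts}` comment. It would also help to state in the commit message that `/etc/hosts` now gets the same BYPASSUNVEIL treatment for stat under pledge("dns") that `/etc/resolv.conf` already had, so that the unveil bypass is visibly intentional rather than a side effect of the restructuring.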
