On Wed, Oct 04 2017, Sebastian Benoit <[email protected]> wrote:
> I'm not sure that pledge there is correct.
>
> spawn() gets called from gettcp() which gets called from the main event
> loop, and directly from the event loop.
>
> The pledge here might be a convenient place to reduce pledges after the
> initialization phase?
>
> It takes away the "cpath dns unix" pledges. Now, cpath is still needed
> later, as you discovered. "dns" maybe too, as getnameinfo() is called in
> gettcp().

That getnameinfo call shouldn't need "dns", we're only looking at the
port in numeric form. An alternative would be to directly peek at
sa_family/sin(6)_port.

> So either your diff is correct, or we should only take away "unix" here.
>
> CC theo and jca as they did the original pledge here.

The diff looks good to me, to be committed after unlock. *Maybe*
there's room for improvement regarding the pledge promise here, but
let's fix bugs first.

> Anthony Coulter([email protected]) on 2017.10.03 20:10:41 -0400:
>> When inetd listens on a unix domain socket AND at least one process
>> connects to that socket, then when inetd shuts down it tries to
>> unlink the socket and aborts because it lacks pledge("cpath").
>>
>> Repro steps:
>> # echo '/tmp/test.sock stream unix nowait nobody /usr/bin/true true' >>inetd.conf
>> # /usr/sbin/inetd
>> # nc -U /tmp/test.sock
>> # date && pkill inetd
>> # tail /var/log/messages
>>
>> Index: inetd.c >> =================================================================== >> RCS file: /cvs/src/usr.sbin/inetd/inetd.c,v >> retrieving revision 1.154 >> diff -u -p -r1.154 inetd.c >> --- inetd.c 25 Aug 2016 05:23:19 -0000 1.154 >> +++ inetd.c 4 Oct 2017 00:05:53 -0000 >> @@ -1763,8 +1763,13 @@ spawn(int ctrl, short events, void *xsep >> return; >> } >> >> - if (pledge("stdio rpath getpw inet proc exec id", NULL) == -1) >> - err(1, "pledge"); >> + if (sep->se_family == AF_UNIX) { >> + if (pledge("stdio rpath cpath getpw inet proc exec id", NULL) >> == -1) >> + err(1, "pledge"); >> + } else { >> + if (pledge("stdio rpath getpw inet proc exec id", NULL) == -1) >> + err(1, "pledge"); >> + } >> >> if (pid && sep->se_wait) { >> sep->se_wait = pid; >>
>

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
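
Review bot: The new `if (sep->se_family == AF_UNIX)` branch chooses the promise set from the service being spawned, but pledge applies to the whole process and promises can only be narrowed, never regained. With an inetd.conf that mixes AF_UNIX and other services, the first spawn() for a non-AF_UNIX service takes the else branch and drops "cpath"; a later spawn() for the unix socket then asks for "cpath" again, which pledge refuses, so the `err(1, "pledge")` path is hit, and the unlink at shutdown still lacks "cpath" either way. The test on `pid` right after the hunk shows this code is reached with a non-zero pid, so the long-running parent is affected. Suggest making the decision once for the process, for example by checking whether any configured service is AF_UNIX before the first pledge here, or by keeping "cpath" in a single promise string, which would also remove the duplicated pledge/err pair.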
