Stuart Henderson <s...@spacehopper.org> wrote:

> On 2018/08/11 15:57, Theo de Raadt wrote:
> > Stuart Henderson <s...@spacehopper.org> wrote:
> > 
> > > On 2018/08/11 19:32, Sebastien Marie wrote:
> > > >                                                          I am also
> > > > unsure if loadfirmware() steal the slaacd context due to the use of
> > > > `curproc'.
> > > 
> > > since it was using ifconfig context (as seen with unveil) that seems 
> > > likely
> > 
> > In the ps listing there is a * next to slaacd.
> > 
> > This is not ifconfig's context.  It crashed in pledge code, because it
> > was a process which is pledged.  Which is the slaacd master.
> > 
> > It is a very tricky and fun bug.
> > 
> 
> Ah. I had been thinking slaacd might bring the interface up like ifconfig
> and dhclient do, but now I see that's not the case. Fun indeed!

I believe the kernel is implicitly bringing the interface up.  I think
ifconfig tweaks something, creating a route message.  slaacd receives
a route message, and then something happens which is running in slaacd's
context but the traceback is muddled.

Reply via email to