On Mon, Oct 07, 2019 at 11:16:22AM +0100, Stuart Henderson wrote: > On 2019/10/07 09:53, Theo Buehler wrote: > > $ doas /usr/sbin/unbound-anchor -v > > /var/unbound/db/root.key has content > > [1570433629] libunbound[28321:0] fatal error: could not open autotrust file > > for writing, /var/unbound/db/root.key.28321-0-1966ee948e00: No such file or > > directory > > > > The problem is the following change that came with the update to 1.9.3: > > > > - Add hex print of trust anchor pointer to trust anchor file temp > > name to make it unique, for libunbound created multiple contexts. > > > > See > > https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/unbound/validator/autotrust.c.diff?r1=1.10&r2=1.11 > > > > Thus, the unveil code in smallapp/unbound-anchor.c needs some > > adjustment. > > > > if (asprintf(&root_anchor_tempfile, "%s.%d-0", root_anchor_file, > > getpid()) == -1) { > > if(verb) printf("out of memory\n"); > > exit(0); > > } > > > > if (unveil(root_anchor_file, "rwc") == -1) > > err(1, "unveil"); > > if (unveil(root_anchor_tempfile, "rwc") == -1) > > err(1, "unveil"); > > > > The problem is that tp used for tempfile generation is not yet known at > > that point. Not sure how best to deal with this. > > Just unveil the directory?
yes, however dirname(3) has this: CAVEATS Other vendor implementations of dirname() may modify the contents of the string passed to dirname(); this should be taken into account when writing code which calls this function if portability is desired. I think we want a strdup here. > > Index: smallapp/unbound-anchor.c > =================================================================== > RCS file: /cvs/src/usr.sbin/unbound/smallapp/unbound-anchor.c,v > retrieving revision 1.12 > diff -u -p -r1.12 unbound-anchor.c > --- smallapp/unbound-anchor.c 10 Jan 2019 12:13:44 -0000 1.12 > +++ smallapp/unbound-anchor.c 7 Oct 2019 10:14:56 -0000 > @@ -116,6 +116,7 @@ > */ > > #include <err.h> > +#include <libgen.h> > #include <unistd.h> > > #include "config.h" > @@ -2284,7 +2285,7 @@ int main(int argc, char* argv[]) > const char* res_conf = NULL; > const char* root_hints = NULL; > const char* debugconf = NULL; > - char* root_anchor_tempfile; > + char* root_anchor_temppath; > int dolist=0, ip4only=0, ip6only=0, force=0, port = HTTPS_PORT; > int res_conf_fallback = 0; > /* parse the options */ > @@ -2370,15 +2371,12 @@ int main(int argc, char* argv[]) > > if(dolist) do_list_builtin(); > > - if (asprintf(&root_anchor_tempfile, "%s.%d-0", root_anchor_file, > - getpid()) == -1) { > + if (asprintf(&root_anchor_temppath, "%s", > + dirname(root_anchor_file)) == -1) { > if(verb) printf("out of memory\n"); > exit(0); > } > - > - if (unveil(root_anchor_file, "rwc") == -1) > - err(1, "unveil"); > - if (unveil(root_anchor_tempfile, "rwc") == -1) > + if (unveil(root_anchor_temppath, "rwc") == -1) > err(1, "unveil"); > if (unveil(root_cert_file, "r") == -1) > err(1, "unveil"); > -- I'm not entirely sure you are real.