Re: ntpd && pledge

2016-07-07 Thread Joel Sing 
On Thursday 07 July 2016 00:32:04 Ian Mcwilliam wrote:
> Seems changes to pledge have made ntpd abort.
> 
> ntpd(67855): syscall 5 "rpath"
> ntpd(81479): syscall 5 "rpath"
> 
> Jul  7 10:29:23 ianm-openbsd ntpd[76119]: constraint
> 2404:6800:4006:800::2004; terminated with signal 6 (Abort trap)

Thanks - this was actually due to a change to libtls, which has been reverted.

ntpd && pledge

2016-07-06 Thread Ian Mcwilliam 
Seems changes to pledge have made ntpd abort.

ntpd(67855): syscall 5 "rpath"
ntpd(81479): syscall 5 "rpath"

Jul  7 10:29:23 ianm-openbsd ntpd[76119]: constraint 2404:6800:4006:800::2004; 
terminated with signal 6 (Abort trap)

Ian McWilliam

Re: ntpd pledge, needs "unix" to talk to ntpctl

2015-11-20 Thread Theo de Raadt 
> Andreas Kusalananda K=C3=A4h=C3=A4ri  writes:
> 
> > Hi,
> >
> > I noticed that ntpd would die if I tried to use ntpctl to check on it:
> >
> > [...]
> > 29946 ntpd CALL  poll(0xda8993ab5c0,4,1000)
> > 29946 ntpd RET   poll 1
> > 29946 ntpd CALL  kbind(0x7f7c2558,0x18,0x7bb3facd5f812ed9)
> > 29946 ntpd RET   kbind 0
> > 29946 ntpd CALL  accept(5,0x7f7c2630,0x7f7c262c)
> > 29946 ntpd PLDG  accept, "unix", errno 1 Operation not permitted
> > 29946 ntpd PSIG  SIGABRT SIG_DFL
> > [...]
> >
> > I also get ntpd(): syscall 30 "unix" in the console.
> 
> Confirmed, the failure is in control_accept(), which should be allowed
> to speak on a Unix socket.
> 
> See the diff below.
> 
> > Cheer,
> >
> > ps. is tech@ the right list for these sorts of things?
> 
> For this case I'd say "yes", as it was trivial for me to reproduce the
> bug.
> 
> Index: ntp.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

you are sending mime again.

the kernel has been fixed for this issue, not ntpd.  We don't want that
process able to open sockets outbound, which your diff does.

Re: ntpd pledge, needs "unix" to talk to ntpctl

2015-11-20 Thread Reyk Floeter 
On Fri, Nov 20, 2015 at 02:07:46PM +0100, J??r??mie Courr??ges-Anglas wrote:
> Andreas Kusalananda K??h??ri  writes:
> 
> > Hi,
> >
> > I noticed that ntpd would die if I tried to use ntpctl to check on it:
> >
> > [...]
> > 29946 ntpd CALL  poll(0xda8993ab5c0,4,1000)
> > 29946 ntpd RET   poll 1
> > 29946 ntpd CALL  kbind(0x7f7c2558,0x18,0x7bb3facd5f812ed9)
> > 29946 ntpd RET   kbind 0
> > 29946 ntpd CALL  accept(5,0x7f7c2630,0x7f7c262c)
> > 29946 ntpd PLDG  accept, "unix", errno 1 Operation not permitted
> > 29946 ntpd PSIG  SIGABRT SIG_DFL
> > [...]
> >
> > I also get ntpd(): syscall 30 "unix" in the console.
> 
> Confirmed, the failure is in control_accept(), which should be allowed
> to speak on a Unix socket.
> 
> See the diff below.
> 

There was some semantical fix in sys/kern/uipc_usrreq.c for unix
sockets that might have triggered it.  I'm sure I had used ntpctl with
"older" pledge.

The diff looks OK, with the drawback that the ntp process now needs
"all of unix" for the accept() - but the unix socket is pre-opened
before its pledge/chroot.

OK reyk@

> Index: ntp.c
> ===
> RCS file: /cvs/src/usr.sbin/ntpd/ntp.c,v
> retrieving revision 1.139
> diff -u -p -p -u -r1.139 ntp.c
> --- ntp.c 30 Oct 2015 16:41:53 -  1.139
> +++ ntp.c 20 Nov 2015 13:03:29 -
> @@ -149,7 +149,7 @@ ntp_main(int pipe_prnt[2], int fd_ctl, s
>   endservent();
>  
>   /* The ntp process will want to open NTP client sockets -> "inet" */
> - if (pledge("stdio inet", NULL) == -1)
> + if (pledge("stdio unix inet", NULL) == -1)
>   err(1, "pledge");
>  
>   signal(SIGTERM, ntp_sighdlr);
> 
> -- 
> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
> 

--

Re: ntpd pledge, needs "unix" to talk to ntpctl

2015-11-20 Thread Jérémie Courrèges-Anglas 
Reyk Floeter  writes:

> On Fri, Nov 20, 2015 at 02:07:46PM +0100, J??r??mie Courr??ges-Anglas wrote:
>> Andreas Kusalananda K??h??ri  writes:
>> 
>> > Hi,
>> >
>> > I noticed that ntpd would die if I tried to use ntpctl to check on it:
>> >
>> > [...]
>> > 29946 ntpd CALL  poll(0xda8993ab5c0,4,1000)
>> > 29946 ntpd RET   poll 1
>> > 29946 ntpd CALL  kbind(0x7f7c2558,0x18,0x7bb3facd5f812ed9)
>> > 29946 ntpd RET   kbind 0
>> > 29946 ntpd CALL  accept(5,0x7f7c2630,0x7f7c262c)
>> > 29946 ntpd PLDG  accept, "unix", errno 1 Operation not permitted
>> > 29946 ntpd PSIG  SIGABRT SIG_DFL
>> > [...]
>> >
>> > I also get ntpd(): syscall 30 "unix" in the console.
>> 
>> Confirmed, the failure is in control_accept(), which should be allowed
>> to speak on a Unix socket.
>> 
>> See the diff below.
>> 
>
> There was some semantical fix in sys/kern/uipc_usrreq.c for unix
> sockets that might have triggered it.

Yup.  And the change that lead to this ntpd failure was amended earlier
today, so the patch isn't actually needed.

Cheers,

> I'm sure I had used ntpctl with
> "older" pledge.
>
> The diff looks OK, with the drawback that the ntp process now needs
> "all of unix" for the accept() - but the unix socket is pre-opened
> before its pledge/chroot.
>
> OK reyk@
>
>> Index: ntp.c
>> ===
>> RCS file: /cvs/src/usr.sbin/ntpd/ntp.c,v
>> retrieving revision 1.139
>> diff -u -p -p -u -r1.139 ntp.c
>> --- ntp.c30 Oct 2015 16:41:53 -  1.139
>> +++ ntp.c20 Nov 2015 13:03:29 -
>> @@ -149,7 +149,7 @@ ntp_main(int pipe_prnt[2], int fd_ctl, s
>>  endservent();
>>  
>>  /* The ntp process will want to open NTP client sockets -> "inet" */
>> -if (pledge("stdio inet", NULL) == -1)
>> +if (pledge("stdio unix inet", NULL) == -1)
>>  err(1, "pledge");
>>  
>>  signal(SIGTERM, ntp_sighdlr);
>> 
>> -- 
>> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
>> 


-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

ntpd pledge, needs "unix" to talk to ntpctl

2015-11-19 Thread Andreas Kusalananda Kähäri 
Hi,

I noticed that ntpd would die if I tried to use ntpctl to check on it:

[...]
29946 ntpd CALL  poll(0xda8993ab5c0,4,1000)
29946 ntpd RET   poll 1
29946 ntpd CALL  kbind(0x7f7c2558,0x18,0x7bb3facd5f812ed9)
29946 ntpd RET   kbind 0
29946 ntpd CALL  accept(5,0x7f7c2630,0x7f7c262c)
29946 ntpd PLDG  accept, "unix", errno 1 Operation not permitted
29946 ntpd PSIG  SIGABRT SIG_DFL
[...]

I also get ntpd(): syscall 30 "unix" in the console.

Cheer,

ps. is tech@ the right list for these sorts of things?

-- 
:: Andreas Kusalananda Kähäri
:: Bioinformatics Developer
:: Uppsala, Sweden
::--