Re: unveil tcpdrop

2019-05-01 Thread Bryan Steele
On Tue, Apr 30, 2019 at 06:23:57PM +0100, Ricardo Mestre wrote:
> Went through my old sent emails and saw this one still pending on my tree.
> 
> Is this OK?
> 
> On 13:02 Wed 07 Nov , Ricardo Mestre wrote:
> > Hi,
> > 
> > tcpdrop(8) needs to access only two files, in this case /etc/hosts and
> > /etc/resolv.conf both with read permissions for the purpose of name 
> > resolution.
> > ethers(5) is not needed since we are not using any of the ether_*(3) family.
> > 
> > Since unistd.h needs to be included I also shuffled netdb.h into the right
> > place.
> > 
> > Comments? OK?
> > 
> > Index: tcpdrop.c
> > ===
> > RCS file: /cvs/src/usr.sbin/tcpdrop/tcpdrop.c,v
> > retrieving revision 1.17
> > diff -u -p -u -r1.17 tcpdrop.c
> > --- tcpdrop.c   16 Jan 2015 06:40:21 -  1.17
> > +++ tcpdrop.c   6 Nov 2018 10:48:10 -
> > @@ -27,10 +27,11 @@
> >  #include 
> >  
> >  #include 
> > +#include 
> >  #include 
> >  #include 
> >  #include 
> > -#include 
> > +#include 
> >  
> >  __dead void usage(void);
> >  
> > @@ -61,6 +62,13 @@ main(int argc, char **argv)
> > char *laddr1, *addr1, *port1, *faddr2, *addr2, *port2;
> > struct tcp_ident_mapping tir;
> > int gaierr, rval = 0;
> > +
> > +   if (unveil("/etc/hosts", "r") == -1)
> > +   err(1, "unveil");
> > +   if (unveil("/etc/resolv.conf", "r") == -1)
> > +   err(1, "unveil");
> > +   if (unveil(NULL, NULL) == -1)
> > +   err(1, "unveil");
> >  
> > memset(, 0, sizeof(hints));
> > hints.ai_family = AF_UNSPEC;

This seems low risk, and looks good to me also.

ok brynet@



Re: unveil tcpdrop

2019-05-01 Thread Sebastian Benoit
Ricardo Mestre(ser...@helheim.mooo.com) on 2019.04.30 18:23:57 +0100:
> Went through my old sent emails and saw this one still pending on my tree.
> 
> Is this OK?

you got an 

OK bluhm@

on Nov 7th.

and since I can't see a problem with it, ok benno@ too ;)

 
> On 13:02 Wed 07 Nov , Ricardo Mestre wrote:
> > Hi,
> > 
> > tcpdrop(8) needs to access only two files, in this case /etc/hosts and
> > /etc/resolv.conf both with read permissions for the purpose of name 
> > resolution.
> > ethers(5) is not needed since we are not using any of the ether_*(3) family.
> > 
> > Since unistd.h needs to be included I also shuffled netdb.h into the right
> > place.
> > 
> > Comments? OK?
> > 
> > Index: tcpdrop.c
> > ===
> > RCS file: /cvs/src/usr.sbin/tcpdrop/tcpdrop.c,v
> > retrieving revision 1.17
> > diff -u -p -u -r1.17 tcpdrop.c
> > --- tcpdrop.c   16 Jan 2015 06:40:21 -  1.17
> > +++ tcpdrop.c   6 Nov 2018 10:48:10 -
> > @@ -27,10 +27,11 @@
> >  #include 
> >  
> >  #include 
> > +#include 
> >  #include 
> >  #include 
> >  #include 
> > -#include 
> > +#include 
> >  
> >  __dead void usage(void);
> >  
> > @@ -61,6 +62,13 @@ main(int argc, char **argv)
> > char *laddr1, *addr1, *port1, *faddr2, *addr2, *port2;
> > struct tcp_ident_mapping tir;
> > int gaierr, rval = 0;
> > +
> > +   if (unveil("/etc/hosts", "r") == -1)
> > +   err(1, "unveil");
> > +   if (unveil("/etc/resolv.conf", "r") == -1)
> > +   err(1, "unveil");
> > +   if (unveil(NULL, NULL) == -1)
> > +   err(1, "unveil");
> >  
> > memset(, 0, sizeof(hints));
> > hints.ai_family = AF_UNSPEC;
> 



Re: unveil tcpdrop

2019-04-30 Thread Ricardo Mestre
Went through my old sent emails and saw this one still pending on my tree.

Is this OK?

On 13:02 Wed 07 Nov , Ricardo Mestre wrote:
> Hi,
> 
> tcpdrop(8) needs to access only two files, in this case /etc/hosts and
> /etc/resolv.conf both with read permissions for the purpose of name 
> resolution.
> ethers(5) is not needed since we are not using any of the ether_*(3) family.
> 
> Since unistd.h needs to be included I also shuffled netdb.h into the right
> place.
> 
> Comments? OK?
> 
> Index: tcpdrop.c
> ===
> RCS file: /cvs/src/usr.sbin/tcpdrop/tcpdrop.c,v
> retrieving revision 1.17
> diff -u -p -u -r1.17 tcpdrop.c
> --- tcpdrop.c 16 Jan 2015 06:40:21 -  1.17
> +++ tcpdrop.c 6 Nov 2018 10:48:10 -
> @@ -27,10 +27,11 @@
>  #include 
>  
>  #include 
> +#include 
>  #include 
>  #include 
>  #include 
> -#include 
> +#include 
>  
>  __dead void   usage(void);
>  
> @@ -61,6 +62,13 @@ main(int argc, char **argv)
>   char *laddr1, *addr1, *port1, *faddr2, *addr2, *port2;
>   struct tcp_ident_mapping tir;
>   int gaierr, rval = 0;
> +
> + if (unveil("/etc/hosts", "r") == -1)
> + err(1, "unveil");
> + if (unveil("/etc/resolv.conf", "r") == -1)
> + err(1, "unveil");
> + if (unveil(NULL, NULL) == -1)
> + err(1, "unveil");
>  
>   memset(, 0, sizeof(hints));
>   hints.ai_family = AF_UNSPEC;



Re: unveil tcpdrop

2018-11-07 Thread Alexander Bluhm
On Wed, Nov 07, 2018 at 01:02:28PM +, Ricardo Mestre wrote:
> Hi,
> 
> tcpdrop(8) needs to access only two files, in this case /etc/hosts and
> /etc/resolv.conf both with read permissions for the purpose of name 
> resolution.
> ethers(5) is not needed since we are not using any of the ether_*(3) family.
> 
> Since unistd.h needs to be included I also shuffled netdb.h into the right
> place.
> 
> Comments? OK?

OK bluhm@

> Index: tcpdrop.c
> ===
> RCS file: /cvs/src/usr.sbin/tcpdrop/tcpdrop.c,v
> retrieving revision 1.17
> diff -u -p -u -r1.17 tcpdrop.c
> --- tcpdrop.c 16 Jan 2015 06:40:21 -  1.17
> +++ tcpdrop.c 6 Nov 2018 10:48:10 -
> @@ -27,10 +27,11 @@
>  #include 
>  
>  #include 
> +#include 
>  #include 
>  #include 
>  #include 
> -#include 
> +#include 
>  
>  __dead void   usage(void);
>  
> @@ -61,6 +62,13 @@ main(int argc, char **argv)
>   char *laddr1, *addr1, *port1, *faddr2, *addr2, *port2;
>   struct tcp_ident_mapping tir;
>   int gaierr, rval = 0;
> +
> + if (unveil("/etc/hosts", "r") == -1)
> + err(1, "unveil");
> + if (unveil("/etc/resolv.conf", "r") == -1)
> + err(1, "unveil");
> + if (unveil(NULL, NULL) == -1)
> + err(1, "unveil");
>  
>   memset(, 0, sizeof(hints));
>   hints.ai_family = AF_UNSPEC;



unveil tcpdrop

2018-11-07 Thread Ricardo Mestre
Hi,

tcpdrop(8) needs to access only two files, in this case /etc/hosts and
/etc/resolv.conf both with read permissions for the purpose of name resolution.
ethers(5) is not needed since we are not using any of the ether_*(3) family.

Since unistd.h needs to be included I also shuffled netdb.h into the right
place.

Comments? OK?

Index: tcpdrop.c
===
RCS file: /cvs/src/usr.sbin/tcpdrop/tcpdrop.c,v
retrieving revision 1.17
diff -u -p -u -r1.17 tcpdrop.c
--- tcpdrop.c   16 Jan 2015 06:40:21 -  1.17
+++ tcpdrop.c   6 Nov 2018 10:48:10 -
@@ -27,10 +27,11 @@
 #include 
 
 #include 
+#include 
 #include 
 #include 
 #include 
-#include 
+#include 
 
 __dead void usage(void);
 
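Review bot: the header names have been stripped from this listing (only a bare `#include` survives on each line), so the cover note is the only record that the added include is unistd.h, needed for the unveil(2) prototype, and that netdb.h was moved to keep the block sorted; anyone reading the hunk out of the archive should check the include order against the actual file rather than against these lines.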
@@ -61,6 +62,13 @@ main(int argc, char **argv)
char *laddr1, *addr1, *port1, *faddr2, *addr2, *port2;
struct tcp_ident_mapping tir;
int gaierr, rval = 0;
+
+   if (unveil("/etc/hosts", "r") == -1)
+   err(1, "unveil");
+   if (unveil("/etc/resolv.conf", "r") == -1)
+   err(1, "unveil");
+   if (unveil(NULL, NULL) == -1)
+   err(1, "unveil");
 
memset(, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
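Review bot: unveil(NULL, NULL) locks the view down to two read-only paths, which is the right shape for a tool whose only file access is resolver configuration, but two things are worth confirming before commit. The port1/port2 strings declared in this hunk are handed to the same addrinfo-based lookup as the addresses (gaierr and hints are right here); if a service name rather than a numeric port is accepted there, /etc/services would also need an unveil("/etc/services", "r"), because a hidden file surfaces as a failed lookup later rather than as an error from the unveil calls shown. Separately, unveil only restricts path visibility; the diff adds no pledge(2) call, so any system-call reduction remains a separate change.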