Re: no pcap file from isakmpd in OBSD6.6

2020-02-06 Thread Marko Cupać 

Christoph Leser  wrote:


Hi,

after upgrading openbsd6.5 to oopenbsd6.6 using sysupgrade isakmpd 
does no longer write pcap files in /var/run.


In /var/log/messages we see the following message:

isakmpd[7385]: log_packet_init: fopen ("/var/run/isakmpd.pcap", "w") 
failed: Permission denied


On 2019-12-03 19:30, Theo de Raadt wrote:

m_priv_local_sanitize_path() contains some realpath() checks.

I think this is either exposing realpath() abuse( as a result of the
new in-kernel realpath to support unveil better), or it is hitting the
realpath() bug which was fixed post-release?


I get similar message when trying to report information about SAs to
isakmpd.results through isakmpd.fifo on 6.6.

echo "S" > /var/run/isakmpd.fifo

...(as root) doesn't return anything, doesn't create results file, and
gives error message in log:

Feb  6 21:20:16 kerber isakmpd[36105]: ui_open_result: fopen() failed: 
Permission denied


If someone knows about some workaround for obtaining isakmpd.results
on 6.6 I'd be very grateful (or at least binary patch :D )

--
Before enlightenment - chop wood, draw water.
After  enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/

Re: no pcap file from isakmpd in OBSD6.6

2019-12-03 Thread Theo de Raadt 
m_priv_local_sanitize_path() contains some realpath() checks.

I think this is either exposing realpath() abuse( as a result of the
new in-kernel realpath to support unveil better), or it is hitting the
realpath() bug which was fixed post-release?

Christoph Leser  wrote:

> Hi,
> 
> after upgrading openbsd6.5 to oopenbsd6.6 using sysupgrade isakmpd does no 
> longer write pcap files in /var/run.
> 
> In /var/log/messages we see the following message:
> 
> isakmpd[7385]: log_packet_init: fopen ("/var/run/isakmpd.pcap", "w") failed: 
> Permission denied
> 
> Any ideas?
> 
> Mit freundlichen Grüßen / Best regards / Meilleures salutations
> 
> 
> Christoph Leser
> Systemtechnik
>  
> 
> S Computersysteme GmbH
> Systemhaus für Logistik
> Zettachring 4
> 70567Stuttgart
> www.sup-logistik.de
> 
> T: +49 711 726 41-0
> F: +49 711 726 41-70 
> christoph.le...@sup-logistik.de
> 
> 
>    
> 
> Amtsgericht Stuttgart HRB 11921
> Geschäftsführer: Horst Reichert, Rémy El Abd
> 
> Informationspflicht zur Datenverarbeitung:
> Kunden: Hier >> 
> Dienstleister / Lieferanten: Hier>>
>

no pcap file from isakmpd in OBSD6.6

2019-12-03 Thread Christoph Leser 
Hi,

after upgrading openbsd6.5 to oopenbsd6.6 using sysupgrade isakmpd does no 
longer write pcap files in /var/run.

In /var/log/messages we see the following message:

isakmpd[7385]: log_packet_init: fopen ("/var/run/isakmpd.pcap", "w") failed: 
Permission denied

Any ideas?

Mit freundlichen Grüßen / Best regards / Meilleures salutations


Christoph Leser
Systemtechnik
 

S Computersysteme GmbH
Systemhaus für Logistik
Zettachring 4
70567Stuttgart
www.sup-logistik.de

T: +49 711 726 41-0
F: +49 711 726 41-70 
christoph.le...@sup-logistik.de


   

Amtsgericht Stuttgart HRB 11921
Geschäftsführer: Horst Reichert, Rémy El Abd

Informationspflicht zur Datenverarbeitung:
Kunden: Hier >> 
Dienstleister / Lieferanten: Hier>>