Re: no pcap file from isakmpd in OBSD6.6
Christoph Leser wrote: Hi, after upgrading openbsd6.5 to oopenbsd6.6 using sysupgrade isakmpd does no longer write pcap files in /var/run. In /var/log/messages we see the following message: isakmpd[7385]: log_packet_init: fopen ("/var/run/isakmpd.pcap", "w") failed: Permission denied On 2019-12-03 19:30, Theo de Raadt wrote: m_priv_local_sanitize_path() contains some realpath() checks. I think this is either exposing realpath() abuse( as a result of the new in-kernel realpath to support unveil better), or it is hitting the realpath() bug which was fixed post-release? I get similar message when trying to report information about SAs to isakmpd.results through isakmpd.fifo on 6.6. echo "S" > /var/run/isakmpd.fifo ...(as root) doesn't return anything, doesn't create results file, and gives error message in log: Feb 6 21:20:16 kerber isakmpd[36105]: ui_open_result: fopen() failed: Permission denied If someone knows about some workaround for obtaining isakmpd.results on 6.6 I'd be very grateful (or at least binary patch :D ) -- Before enlightenment - chop wood, draw water. After enlightenment - chop wood, draw water. Marko Cupać https://www.mimar.rs/
Re: no pcap file from isakmpd in OBSD6.6
m_priv_local_sanitize_path() contains some realpath() checks. I think this is either exposing realpath() abuse( as a result of the new in-kernel realpath to support unveil better), or it is hitting the realpath() bug which was fixed post-release? Christoph Leser wrote: > Hi, > > after upgrading openbsd6.5 to oopenbsd6.6 using sysupgrade isakmpd does no > longer write pcap files in /var/run. > > In /var/log/messages we see the following message: > > isakmpd[7385]: log_packet_init: fopen ("/var/run/isakmpd.pcap", "w") failed: > Permission denied > > Any ideas? > > Mit freundlichen GrüÃen / Best regards / Meilleures salutations > > > Christoph Leser > Systemtechnik > > > S Computersysteme GmbH > Systemhaus für Logistik > Zettachring 4 > 70567Stuttgart > www.sup-logistik.de > > T: +49 711 726 41-0 > F: +49 711 726 41-70 > christoph.le...@sup-logistik.de > > >    > > Amtsgericht Stuttgart HRB 11921 > Geschäftsführer: Horst Reichert, Rémy El Abd > > Informationspflicht zur Datenverarbeitung: > Kunden: Hier >> > Dienstleister / Lieferanten: Hier>> >
no pcap file from isakmpd in OBSD6.6
Hi, after upgrading openbsd6.5 to oopenbsd6.6 using sysupgrade isakmpd does no longer write pcap files in /var/run. In /var/log/messages we see the following message: isakmpd[7385]: log_packet_init: fopen ("/var/run/isakmpd.pcap", "w") failed: Permission denied Any ideas? Mit freundlichen Grüßen / Best regards / Meilleures salutations Christoph Leser Systemtechnik S Computersysteme GmbH Systemhaus für Logistik Zettachring 4 70567Stuttgart www.sup-logistik.de T: +49 711 726 41-0 F: +49 711 726 41-70 christoph.le...@sup-logistik.de Amtsgericht Stuttgart HRB 11921 Geschäftsführer: Horst Reichert, Rémy El Abd Informationspflicht zur Datenverarbeitung: Kunden: Hier >> Dienstleister / Lieferanten: Hier>>