Hello,
I just wanted to double check if there is any additional feedback on the patch.
I am happy to make changes or discuss alternative approaches.
Thank you,
Stephen
On Tue, Oct 3, 2023 at 11:33 PM Stephen Fox wrote:
>
> Hello,
>
> I received feedback from deraadt that the first two
Hello,
I received feedback from deraadt that the first two unveil(2) calls were
unnecessary because pledge(2) automatically unveils "/usr/share/zoneinfo".
This updated patch removes the unneeded unveil(2) calls.
Best regards,
Stephen
---
usr.sbin/dhcpd/confpars.c | 41
Hello,
While reading dhcpd's code, I noticed it parses the lease database
file ("/var/db/dhcpd.leases") while the process is running as root.
This happens prior to switching to the "_dhcp" user and calling
chroot(2) / pledge(2).
This is potentially unsafe because the lease database file contains