Re: Add pledge(2) for rebound(8)'s parent proc
Ugh! :\

You're right, and that sysctl is not allowed by pledge(2). Please disregard this diff.

On 18:00 Fri 16 Jun , Sebastien Marie wrote:
> On Fri, Jun 16, 2017 at 03:53:09PM +0100, Ricardo Mestre wrote:
> > Hi tech@
> >
> > rebound(8)'s parent proc doesn't seem to need much permissions to do what it
> > needs, here is the pledge for the parent for the following promises:
> >
> > rpath: reload the configuration at reexec time (see below)
> > proc/exec: needed to reexec itself and kill child if needed
> >
>
> rebound will not be able to restore dnsjacking on exit.
>
> there is an atexit() call with resetport function.
>
> At exit, the function should be able to set { CTL_KERN, KERN_DNSJACKPORT },
> and it will not be able to do that if pledged.
>
> --
> Sebastien Marie
Re: Add pledge(2) for rebound(8)'s parent proc
On Fri, Jun 16, 2017 at 03:53:09PM +0100, Ricardo Mestre wrote:
> Hi tech@
>
> rebound(8)'s parent proc doesn't seem to need much permissions to do what it
> needs, here is the pledge for the parent for the following promises:
>
> rpath: reload the configuration at reexec time (see below)
> proc/exec: needed to reexec itself and kill child if needed
>

rebound will not be able to restore dnsjacking on exit.

there is an atexit() call with resetport function.

At exit, the function should be able to set { CTL_KERN, KERN_DNSJACKPORT },
and it will not be able to do that if pledged.

--
Sebastien Marie
Add pledge(2) for rebound(8)'s parent proc
Hi tech@

rebound(8)'s parent proc doesn't seem to need much permissions to do what it
needs, here is the pledge for the parent for the following promises:

rpath: reload the configuration at reexec time (see below)
proc/exec: needed to reexec itself and kill child if needed

Comments? OK?

Index: rebound.c === RCS file: /cvs/src/usr.sbin/rebound/rebound.c,v retrieving revision 1.84 diff -u -p -u -r1.84 rebound.c --- rebound.c 31 May 2017 04:52:11 - 1.84 +++ rebound.c 16 Jun 2017 14:07:40 - @@ -996,5 +996,8 @@ main(int argc, char **argv) logerr("daemon: %s", strerror(errno)); daemonized = 1; + if (pledge("stdio rpath proc exec", NULL) == -1) + logerr("pledge failed"); + return monitorloop(ud, ld, ud6, ld6, confname); }
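Review bot: The promise set "stdio rpath proc exec", applied right before `return monitorloop(...)`, also governs everything the parent does on its way out, and the thread points out that the atexit() handler resetport has to set { CTL_KERN, KERN_DNSJACKPORT }, a sysctl that pledge(2) does not allow. With this hunk the parent can no longer restore dnsjacking on exit, so the pledge should stay out of the parent unless the port reset is first moved out of the pledged exit path. A smaller point on the same lines: `logerr("pledge failed")` drops the errno detail that the neighbouring `logerr("daemon: %s", strerror(errno))` reports, and using the same "%s" with strerror(errno) form would keep the failure messages consistent.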