CVSROOT:	/cvs
Module name:	src
Changes by:	d...@cvs.openbsd.org	2025/08/13 04:26:31

Modified files:
	usr.sbin/vmd   : config.c control.c priv.c proc.c proc.h vm_agentx.c vmd.c vmm.c

Log message:
Simplify vmd(8) ipc setup in proc.c.

The ipc code in proc.c assumed a mesh of processes resembling a fully connected graph. vmd(8) has a simple hub/spoke model. This removes the mesh-centric code and simplifies the socketpair(2) usage to just at fork(2)/execve(2) time.

This removes a security issue where untrusted imsg data was used for indexing into complex structures holding the file descriptors for this mesh of sockets. An attacker controlling one end of an imsg channel could craft a message to cause out-of-bounds array access.

Reported by Shibo Ai, Shawn Zhang, Hugo Lefeuvre of UBC Systopia Lab.

Tested by phessler@, ok deraadt@