ok yasuoka, the diff is tested.

On Sat, 10 Oct 2015 21:58:02 -0700
Philip Guenther <guent...@gmail.com> wrote:
> On Sat, 10 Oct 2015, Theo de Raadt wrote:
>> I don't know the code either, but it is probably better if privsep's had
>> more narrow task-specific operations.  Like open-specific-file-for-read,
>> and open log-over-there.  Privsep operations should be tightly
>> specified, not very generic.

I see.  I'll fix them.

>> Then the child can't open anything.  It feels like this should be
>> PRIVSEP_GET_NEW_TUN (with the parent selecting which one)
>
> Yeah.  It *does* currently check the path against a list...but I just
> noticed that that check is mostly broken, permitted read-only open of any
> path!
>
> This needs to be broken into at least two privsep operations, with at
> least the NPPPD_DIR part in its own call!

I think I could understand how it is broken.  I'll fix it as well.

--yasuoka
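
The design point raised in this thread, as an added example that is not npppd's code and not part of the original messages: a generic open request guarded by a filter with a constructed flaw of the kind described, next to task-specific requests where the parent picks the path and flags. All paths, function names and `EX_` operations are hypothetical; only the idea of a parent-selected tun device comes from the thread.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>

/* Placeholder paths and op names, constructed for this example. */
#define EX_CONF "/example/etc/daemon.conf"
#define EX_LOG "/example/log/daemon.log"
#define EX_MAX_TUN 2

/* Generic request: the child supplies path and flags, the parent filters.
 * Constructed flaw: the list is consulted only for writable opens. */
static int generic_open_allowed(const char *path, int flags)
{
	if ((flags & O_ACCMODE) == O_RDONLY)
		return 1;	/* any path passes when read-only */
	return strcmp(path, EX_LOG) == 0;
}

/* Narrow requests: the child sends only a task code, never a path. */
enum ex_op { EX_OPEN_CONF, EX_OPEN_LOG, EX_GET_NEW_TUN };
static int next_tun;	/* parent-side allocation state */

/* Parent picks path and flags itself; returns 0, or -1 to refuse. */
static int narrow_resolve(int op, char *path, size_t len, int *flags)
{
	switch (op) {
	case EX_OPEN_CONF:
		*flags = O_RDONLY;
		return snprintf(path, len, "%s", EX_CONF) < (int)len ? 0 : -1;
	case EX_OPEN_LOG:
		*flags = O_WRONLY | O_APPEND;
		return snprintf(path, len, "%s", EX_LOG) < (int)len ? 0 : -1;
	case EX_GET_NEW_TUN:
		if (next_tun >= EX_MAX_TUN)
			return -1;	/* no unit left */
		*flags = O_RDWR;	/* parent selects the unit, not the child */
		return snprintf(path, len, "/dev/tun%d", next_tun++) < (int)len ? 0 : -1;
	default:
		return -1;	/* unknown task: refuse */
	}
}

int main(void)
{
	char p[64]; int f, r = narrow_resolve(EX_OPEN_CONF, p, sizeof(p), &f);
	printf("generic read-only, unlisted path: %d; narrow conf: %d %s\n",
	    generic_open_allowed("/example/other", O_RDONLY), r, p);
	return 0;
}
```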