Hi

I was just trying to pledge(2) spamd(8); nevertheless, I came across 2 privileges kern_pledge.c is missing for this to work.

First, spamd(8) needs to read sysctl kern.maxfiles in order to see if it can launch with that value or not, and second, if the multicast options are passed as parameters, then it also needs IP_MULTICAST_TTL, since spamd(8) calls setsockopt(2) with that option set:

Index: kern_pledge.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_pledge.c,v
retrieving revision 1.89
diff -u -p -u -r1.89 kern_pledge.c
--- kern_pledge.c       28 Oct 2015 15:33:44 -0000      1.89
+++ kern_pledge.c       28 Oct 2015 16:13:31 -0000
@@ -889,6 +889,9 @@ pledge_sysctl_check(struct proc *p, int
                if (miblen == 3 &&                      /* kern.cptime2 */
                    mib[0] == CTL_KERN && mib[1] == KERN_CPTIME2)
                        return (0);
+               if (miblen == 2 &&          /* kern.maxfiles */
+                   mib[0] == CTL_KERN && mib[1] == KERN_MAXFILES)
+                       return (0);
        }

        if ((p->p_p->ps_pledge & PLEDGE_PS)) {
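
Review bot: the new kern.maxfiles case returns 0 on a MIB match alone, and nothing in this hunk shows which promise guards the enclosing block or that a request carrying a new value is refused before this point. kern.maxfiles is a writable sysctl, so it is worth confirming that pledge_sysctl_check() only reaches this branch for reads, and stating in the commit message which promise is meant to allow it (the spamd.c change suggests "ps").
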
@@ -1210,6 +1213,7 @@ pledge_sockopt_check(struct proc *p, int
                case IP_RECVDSTPORT:
                        return (0);
                case IP_MULTICAST_IF:
+               case IP_MULTICAST_TTL:
                case IP_ADD_MEMBERSHIP:
                case IP_DROP_MEMBERSHIP:
                        if (p->p_p->ps_pledge & PLEDGE_MCAST)
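
Review bot: IP_MULTICAST_LOOP is still absent from the visible case labels gated by PLEDGE_MCAST, next to the new IP_MULTICAST_TTL label. If the intent is to let an "mcast" process set the usual per-socket multicast options, consider adding it in the same change; if only what spamd(8) needs is intended, say so in the commit message.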



With this patch, spamd(8) then works with the patch below (I used a lot of options that I use on my servers like greylisting options, multicast, certificate, stuttering etc). Bear in mind that this is just an initial patch and the privileges can be dropped further down the code, and also that I'm just beginning and sharing this more as a question if I can go down this road than as a request:

Index: spamd.c
===================================================================
RCS file: /cvs/src/libexec/spamd/spamd.c,v
retrieving revision 1.130
diff -u -p -u -r1.130 spamd.c
--- spamd.c     10 Sep 2015 13:56:12 -0000      1.130
+++ spamd.c     28 Oct 2015 14:30:57 -0000
@@ -1211,6 +1211,9 @@ main(int argc, char *argv[])
        char *tlskeyfile = NULL;
        char *tlscertfile = NULL;

+ if (pledge("stdio rpath wpath inet dns ioctl id route mcast proc flock ps", NULL) == -1)
+               err(1, "pledge");
+
        tzset();
        openlog_r("spamd", LOG_PID | LOG_NDELAY, LOG_DAEMON, &sdata);

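Review bot: the pledge() call at the top of main() sits before tzset() and openlog_r(), ahead of any option handling shown here, so it has to request every promise any configuration might need, including "mcast", which the message says is only required when the multicast options are passed. Consider pledging after the options are parsed, or building the promise string from the options actually given, so a default run does not keep "mcast". The added `if` line is also indented with a single space rather than a tab like the surrounding code.
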
@@ -1227,6 +1230,10 @@ main(int argc, char *argv[])
        if (gethostname(hostname, sizeof hostname) == -1)
                err(1, "gethostname");
        maxfiles = get_maxfiles();
+
+ if (pledge("stdio rpath wpath inet dns ioctl id route mcast proc flock", NULL) == -1)
+               err(1, "pledge");
+
        if (maxcon > maxfiles)
                maxcon = maxfiles;
        if (maxblack > maxfiles)
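
Review bot: the second pledge() differs from the first only by dropping "ps", which appears to be held just for the get_maxfiles() call directly above it. A short comment saying so would help; alternatively, if get_maxfiles() can be called before the first pledge(), a single pledge() call would do and "ps" would not be needed at all. As in the previous hunk, the added `if` line is indented with a space instead of a tab.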


Best regards,
Ricardo Mestre
