Hi guys,
I've been playing with pledge in base. Here's a small patch for dhclient.
It's still a WiP.
I can kill -HUP dhclient, and so far no issues.
I would like it to pledge before however, so that write operations (write_*)
that take their input from the network are further tightened down. One
of the vulnerabilities in ISC dhcp was a stack overflow due to unchecked
conditions when writing to files.
I was thinking about pledging the privchild process. Or that might be
overkill?
fork_privchld(int fd, int fd2) is calling dispatch_imsg() which contains the
write operations to files.
Feedback welcomed:
Index: dhclient.c
===================================================================
RCS file: /cvs/src/sbin/dhclient/dhclient.c,v
retrieving revision 1.365
diff -u -p -r1.365 dhclient.c
--- dhclient.c 26 Oct 2015 16:32:33 -0000 1.365
+++ dhclient.c 2 Nov 2015 07:11:15 -0000
@@ -64,6 +64,7 @@
#include <pwd.h>
#include <resolv.h>
#include <stdint.h>
+#include <unistd.h>
char *path_dhclient_conf = _PATH_DHCLIENT_CONF;
char *path_dhclient_db = NULL;
@@ -595,6 +596,10 @@ main(int argc, char *argv[])
endpwent();
setproctitle("%s", ifi->name);
+
+ if (pledge("stdio dns route inet proc", NULL) == -1)
+ error("pledge");
+
time(&client->startup_time);
if (ifi->linkstat) {
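Review bot: The pledge() call added in main() lists five promises ("stdio dns route inet proc") with no comment saying which later code path needs each one. Please add a short comment above the call justifying each promise, and drop any that nothing after this point uses; "proc" and "inet" are the ones to justify first, since the stated goal in the cover message is to tighten code that handles network input. The call also takes effect only from this point in main(), so everything before it runs unrestricted, and the file-writing path the cover message describes (fork_privchld() calling dispatch_imsg()) is not changed by this hunk and still needs its own decision.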