Loganaden Velvindron <lo...@elandsys.com> writes:

> Hi guys,

Hi,

> I've been playing with pledge in base. Here's a small patch for dhclient.
> It's still a WiP.
>
> I can kill -HUP dhclient, and so far no issues.
>
> I would like it to pledge before however, so that write operations (write_*)
> that take their input from the network are further tightened down. One
> of the vulnerabilities in ISC dhcp was a stack overflow due to unchecked
> conditions when writing to files.
>
> I was thinking about pledging the privchild process. Or that might be
> overkill?
>
> fork_privchld(int fd, int fd2) is calling dispatch_imsg() which contains the
> write operations to files.
>
>
> Feedback welcomed:

Sadly with this patch dhclient doesn't survive a suspend/resume or a
cable unplugging. Having this solved first would be nice, before
thinking about further tightening. Nit below,

> Index: dhclient.c > =================================================================== > RCS file: /cvs/src/sbin/dhclient/dhclient.c,v > retrieving revision 1.365 > diff -u -p -r1.365 dhclient.c > --- dhclient.c 26 Oct 2015 16:32:33 -0000 1.365 > +++ dhclient.c 2 Nov 2015 07:11:15 -0000 > @@ -64,6 +64,7 @@ > #include <pwd.h> > #include <resolv.h> > #include <stdint.h> > +#include <unistd.h> > > char *path_dhclient_conf = _PATH_DHCLIENT_CONF; > char *path_dhclient_db = NULL; > @@ -595,6 +596,10 @@ main(int argc, char *argv[]) > endpwent(); > > setproctitle("%s", ifi->name); > + > + if (pledge("stdio dns route inet proc", NULL) == -1) > + error("pledge"); Please use error("pledge: %s", strerror(errno)) > + > time(&client->startup_time); > > if (ifi->linkstat) { >

--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
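
Review bot: the promise set in the main() hunk, pledge("stdio dns route inet proc", NULL), carries no comment saying which later code path needs each promise, and it contains no filesystem promise (rpath, wpath or cpath), so file opens or creates that these promises do not cover abort the process instead of failing with an error. Given the report in this reply that dhclient with the patch does not survive suspend/resume or a cable unplug, the code reached on link-state changes should be traced against this set before the change goes in, and a short comment above the call listing the reason for each promise would make that audit repeatable. The error("pledge") call in the same hunk also drops errno, as already noted inline.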