Loganaden Velvindron <lo...@elandsys.com> writes:

> Hi guys,

Hi,

> I've been playing with pledge in base. Here's a small patch for dhclient.
> It's still a WiP.
>
> I can kill -HUP dhclient, and so far no issues.
>
> I would like it to pledge before however, so that write operations (write_*)
> that take their input from the network are further tightened down. One
> of the vulnerabilities in ISC dhcp was a stack overflow due to unchecked
> conditions when writing to files.
>
> I was thinking about pledging the privchild process. Or that might be
> overkill?
>
> fork_privchld(int fd, int fd2) is calling dispatch_imsg() which contains the
> write operations to files.
>
>
> Feedback welcomed:

Sadly with this patch dhclient doesn't survive a suspend/resume or
a cable unplugging.  Having this solved first would be nice, before
thinking about further tightening.

Nit below,

> Index: dhclient.c
> ===================================================================
> RCS file: /cvs/src/sbin/dhclient/dhclient.c,v
> retrieving revision 1.365
> diff -u -p -r1.365 dhclient.c
> --- dhclient.c        26 Oct 2015 16:32:33 -0000      1.365
> +++ dhclient.c        2 Nov 2015 07:11:15 -0000
> @@ -64,6 +64,7 @@
>  #include <pwd.h>
>  #include <resolv.h>
>  #include <stdint.h>
> +#include <unistd.h>
>  
>  char *path_dhclient_conf = _PATH_DHCLIENT_CONF;
>  char *path_dhclient_db = NULL;
> @@ -595,6 +596,10 @@ main(int argc, char *argv[])
>       endpwent();
>  
>       setproctitle("%s", ifi->name);
> +
> +     if (pledge("stdio dns route inet proc", NULL) == -1)
> +             error("pledge");

Please use error("pledge: %s", strerror(errno))

> +
>       time(&client->startup_time);
>  
>       if (ifi->linkstat) {
>
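Review bot: the promise string in the pledge() call added after setproctitle() carries no comment explaining it, and the reply earlier in this message reports that dhclient no longer survives a suspend/resume or a cable unplug with this patch. Add a comment above the call stating which code path needs each of dns, route, inet and proc, and work out which operation on the link-state change path falls outside "stdio dns route inet proc" before committing. The failure branch, error("pledge"), also discards errno, as the inline nit already points out.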


-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
