David Hill([email protected]) on 2015.11.10 11:44:39 -0500:
> Hello -
>
> pledge starts after getopt because of setrtable.
>
> rpath needed incase -k (kvm_openfile)
> proc needed for drop_gid (setresgid)
>
> I believe I've hit every code path. More eyes are welcome.
Hi,
Two changes:
-T does not work with pledge at this time, because setsockopt(...IP_TOS) is
not allowed. So I skip the pledge calls when -T is given, except for the last pledge in the client case.
With -s, we need "inet" in the event loop because that is where we will do
accept(). So move the pledge("stdio") into the client case only.
ok?
diff --git usr.bin/tcpbench/tcpbench.c usr.bin/tcpbench/tcpbench.c
index 6bd2027..e753fbf 100644
--- usr.bin/tcpbench/tcpbench.c
+++ usr.bin/tcpbench/tcpbench.c
@@ -986,8 +986,6 @@ quit(int sig, short event, void *arg)
int
main(int argc, char **argv)
{
- extern int optind;
- extern char *optarg;
struct timeval tv;
unsigned int secs, rtable;
@@ -1108,6 +1106,16 @@ main(int argc, char **argv)
}
}
+ /*
+ * XXX pledge
+ * -T toskeyword cannot be used with pledge() at this time because
+ * the IP_TOS setsockopt(2) is not allowed even with promise "inet"
+ * other pledge() calls below need revisiting as well.
+ */
+ if (ptb->Tflag == -1 &&
+ pledge("stdio rpath dns inet id proc", NULL) == -1)
+ err(1, "pledge");
+
argv += optind;
argc -= optind;
if ((argc != (ptb->sflag ? 0 : 1)) ||
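Review bot: The `ptb->Tflag == -1 &&` guard means that giving -T skips this pledge() and the three later guarded calls (`stdio id dns inet`, `stdio id inet`, `stdio inet`). The only unguarded call in the patch is the `pledge("stdio", NULL)` inside the client branch, so a server started with -s and -T appears to run with no pledge at all. The XXX comment explains why -T is a problem but not that consequence; I would add a line such as `* With -T the calls below are skipped; with -s and -T nothing is pledged.` so the gap is visible to whoever revisits it. The comment's second line is also missing a full stop after `"inet"`. main() starts and ends outside this hunk.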
@@ -1125,6 +1133,10 @@ main(int argc, char **argv)
} else
drop_gid();
+ if (ptb->Tflag == -1 &&
+ pledge("stdio id dns inet", NULL) == -1)
+ err(1, "pledge");
+
if (!ptb->sflag)
host = argv[0];
/*
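Review bot: The `id` promise is still requested here, directly after drop_gid(), and nothing in the hunk says why it survives the privilege drop. Presumably it is kept for the setrlimit() call that runs before the later `stdio inet` pledge; if so, a short comment such as `/* "id" kept for setrlimit(2) below */` would document it, and the same applies to the `stdio id inet` call after getaddrinfo(). If it is not needed for that, dropping it at this point would tighten the set one step earlier. The enclosing main() is only partly visible in this hunk.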
@@ -1169,6 +1181,10 @@ main(int argc, char **argv)
errx(1, "getaddrinfo: %s", gai_strerror(herr));
}
+ if (ptb->Tflag == -1 &&
+ pledge("stdio id inet", NULL) == -1)
+ err(1, "pledge");
+
if (getrlimit(RLIMIT_NOFILE, &rl) == -1)
err(1, "getrlimit");
if (rl.rlim_cur < MAX_FD)
@@ -1177,7 +1193,11 @@ main(int argc, char **argv)
err(1, "setrlimit");
if (getrlimit(RLIMIT_NOFILE, &rl) == -1)
err(1, "getrlimit");
-
+
+ if (ptb->Tflag == -1 &&
+ pledge("stdio inet", NULL) == -1)
+ err(1, "pledge");
+
/* Init world */
TAILQ_INIT(&sc_queue);
if ((ptb->dummybuf = malloc(ptb->dummybuf_len)) == NULL)
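Review bot: The empty line after the second getrlimit() check is removed and re-added as another empty-looking line, which suggests the new line carries trailing whitespace; the same remove/add pair appears before the `/* libevent main loop*/` comment in the last hunk. I would leave both blank lines untouched so the diff contains only the pledge() additions. main() continues outside this hunk.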
@@ -1215,8 +1235,11 @@ main(int argc, char **argv)
evtimer_add(&ev_progtimer, &tv);
}
client_init(aitop, nconn, udp_sc, aib);
+
+ if (pledge("stdio", NULL) == -1)
+ err(1, "pledge");
}
-
+
/* libevent main loop*/
event_dispatch();