Re: diff: pledge snmpd

Sebastian Benoit Fri, 11 Aug 2017 17:02:28 -0700

ok with 2 comments below

Rob Pierce(r...@2keys.ca) on 2017.08.11 16:35:21 -0400:
> The following diff pledges two of three processes in snmpd: the parent snmpd
> process and the trap handler. We cannot currently pledge snmpe as snmp 
> requests
> asking for privileged kernel info are disallowed by pledge.
> 
> I have included a commented pledge block in snmpe.c below (which will not be
> committed) which I believe would be possible if we moved the code that
> violates pledge to another unpledged process. If we think that is worth while
> I could pursue it further.
> 
> In the mean time I am looking for comments and/or ok's for the snmpd.c and
> traphandler.c diffs below.
> 
> This passes the newly committed snmpd regression tests.
> 
> Regards,
> 
> Rob


try to sort the pledge arguments in this order:

  stdio rpath wpath cpath fattr flock inet unix dns route mcast dns id getpw \
    proc recvfd sendfd exec tty

 
> Index: snmpd.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/snmpd/snmpd.c,v
> retrieving revision 1.36
> diff -u -p -r1.36 snmpd.c
> --- snmpd.c   4 Apr 2017 02:37:15 -0000       1.36
> +++ snmpd.c   11 Aug 2017 20:10:50 -0000
> @@ -255,6 +255,9 @@ main(int argc, char *argv[])
>  
>       proc_connect(ps);
>  
> +     if (pledge("stdio rpath cpath sendfd dns proc exec id", NULL) == -1)
> +             fatal("pledge");
> +
>       event_dispatch();
>  
>       log_debug("%d parent exiting", getpid());
> Index: snmpe.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/snmpd/snmpe.c,v
> retrieving revision 1.48
> diff -u -p -r1.48 snmpe.c
> --- snmpe.c   27 Jul 2017 14:04:16 -0000      1.48
> +++ snmpe.c   11 Aug 2017 20:10:50 -0000
> @@ -105,6 +105,10 @@ snmpe_init(struct privsep *ps, struct pr
>                   snmpe_recvmsg, env);
>               event_add(&so->s_ev, NULL);
>       }
> +/*
> +     if (pledge("stdio recvfd inet vminfo route", NULL) == -1)
> +             fatal("pledge");
> + */

add a XXX not enabled because foobarbaz

>  }
>  
>  void
> Index: traphandler.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/snmpd/traphandler.c,v
> retrieving revision 1.8
> diff -u -p -r1.8 traphandler.c
> --- traphandler.c     9 Jan 2017 14:49:22 -0000       1.8
> +++ traphandler.c     11 Aug 2017 20:10:50 -0000
> @@ -96,6 +96,9 @@ traphandler_init(struct privsep *ps, str
>       struct snmpd            *env = ps->ps_env;
>       struct listen_sock      *so;
>  
> +     if (pledge("stdio recvfd proc exec id", NULL) == -1)
> +             fatal("pledge");
> +
>       if (!env->sc_traphandler)
>               return;
>  
>

Re: diff: pledge snmpd

Reply via email to