Hi,

Since slaacd is able to use pledge in the parent process I thought it may
be possible for ospfd too.

It works fine until ospfd gets reloaded. At this point it uses setsockopt
to set the priority filter on the routing socket.

Since I could not find a promise for this I extended wroute. Does this make
sense? Would another promise or something completely different be better?


Remi



Index: kern_pledge.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_pledge.c,v
retrieving revision 1.242
diff -u -p -r1.242 kern_pledge.c
--- kern_pledge.c       20 Aug 2018 10:00:04 -0000      1.242
+++ kern_pledge.c       1 Sep 2018 12:56:27 -0000
@@ -1295,7 +1295,7 @@ pledge_sockopt(struct proc *p, int set, 
                break;
        }
 
-       if ((p->p_p->ps_pledge & 
(PLEDGE_INET|PLEDGE_UNIX|PLEDGE_DNS|PLEDGE_YPACTIVE)) == 0)
+       if ((p->p_p->ps_pledge & 
(PLEDGE_INET|PLEDGE_ROUTE|PLEDGE_UNIX|PLEDGE_DNS|PLEDGE_YPACTIVE)) == 0)
                return pledge_fail(p, EPERM, PLEDGE_INET);
        /* In use by some service libraries */
        switch (level) {
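Review bot: The widened gate tests `PLEDGE_ROUTE`, but the branch added further down in pledge_sockopt() tests `PLEDGE_WROUTE`, and the ospfd.c hunk pledges `"stdio rpath sendfd wroute"` with no `route`. Unless `wroute` also sets the ROUTE bit somewhere outside this diff, a wroute-only process would still hit `return pledge_fail(p, EPERM, PLEDGE_INET);` here and never reach the new AF_ROUTE case. Adding the bit to this mask also lets every process holding that promise fall through to the `switch (level)` cases that follow, which is wider than the routing-socket filter the mail describes. Consider leaving the mask unchanged and placing the routing-socket check ahead of it, keyed on a single promise. The function body starts and ends outside the hunk.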
@@ -1335,6 +1335,13 @@ pledge_sockopt(struct proc *p, int set, 
                                return (0);
                        }
                        break;
+               }
+       }
+
+       if (p->p_p->ps_pledge & PLEDGE_WROUTE) {
+               switch (level) {
+               case AF_ROUTE:
+                       return (0);
                }
        }
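Review bot: `case AF_ROUTE: return (0);` allows every option at that level, for both get and set, because neither `optname` nor `set` is examined. The mail states that the only need is the priority filter on the routing socket, so the grant should be limited to that: nest a `switch (optname)` under the case and return 0 only for `case ROUTE_PRIOFILTER:`, leaving every other option to whatever denial path follows. That way a wroute-pledged process gains exactly one routing-socket option rather than the whole level, including any options added to it later. pledge_sockopt() continues beyond the hunk, so what happens after the new block is not visible here.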
 


Index: control.c
===================================================================
RCS file: /cvs/src/usr.sbin/ospfd/control.c,v
retrieving revision 1.45
diff -u -p -r1.45 control.c
--- control.c   29 Aug 2018 08:43:16 -0000      1.45
+++ control.c   31 Aug 2018 14:11:53 -0000
@@ -124,16 +124,6 @@ control_listen(void)
        return (0);
 }
 
-void
-control_cleanup(char *path)
-{
-       if (path == NULL)
-               return;
-       event_del(&control_state.ev);
-       event_del(&control_state.evt);
-       unlink(path);
-}
-
 /* ARGSUSED */
 void
 control_accept(int listenfd, short event, void *bula)
Index: control.h
===================================================================
RCS file: /cvs/src/usr.sbin/ospfd/control.h,v
retrieving revision 1.7
diff -u -p -r1.7 control.h
--- control.h   29 Aug 2018 08:43:16 -0000      1.7
+++ control.h   31 Aug 2018 14:12:09 -0000
@@ -40,6 +40,5 @@ int   control_listen(void);
 void   control_accept(int, short, void *);
 void   control_dispatch_imsg(int, short, void *);
 int    control_imsg_relay(struct imsg *);
-void   control_cleanup(char *);
 
 #endif /* _CONTROL_H_ */
Index: ospfd.c
===================================================================
RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
retrieving revision 1.100
diff -u -p -r1.100 ospfd.c
--- ospfd.c     29 Aug 2018 08:43:17 -0000      1.100
+++ ospfd.c     1 Sep 2018 12:57:46 -0000
@@ -282,6 +282,9 @@ main(int argc, char *argv[])
            ospfd_conf->rdomain, ospfd_conf->redist_label_or_prefix) == -1)
                fatalx("kr_init failed");
 
+       if (pledge("stdio rpath sendfd wroute", NULL) == -1)
+               fatal("pledge");
+
        /* remove unneeded stuff from config */
        while ((a = LIST_FIRST(&ospfd_conf->area_list)) != NULL) {
                LIST_REMOVE(a, entry);
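Review bot: The promise string in `pledge("stdio rpath sendfd wroute", NULL)` has no comment saying which parent-process task needs each promise, which makes later auditing or tightening guesswork. A short comment above the call would help, e.g. `/* rpath: re-read config on reload; sendfd: pass fds to children; wroute: update the FIB */`, with the wording confirmed against what the parent actually does. Because `cpath` is not pledged, this diff also drops control_cleanup(), so the control socket file presumably stays behind at shutdown; the socket setup code (not shown) should be checked to cope with a stale path, and a leftover socket should not be read as proof that the daemon is running. main() continues outside the hunk.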
@@ -308,7 +311,6 @@ ospfd_shutdown(void)
        msgbuf_clear(&iev_rde->ibuf.w);
        close(iev_rde->ibuf.fd);
 
-       control_cleanup(ospfd_conf->csock);
        while ((r = SIMPLEQ_FIRST(&ospfd_conf->redist_list)) != NULL) {
                SIMPLEQ_REMOVE_HEAD(&ospfd_conf->redist_list, entry);
                free(r);
