Remi Locherer([email protected]) on 2018.10.27 23:25:58 +0200:
> On Fri, Oct 26, 2018 at 10:19:01AM -0600, Theo de Raadt wrote:
> > Remi Locherer <[email protected]> wrote:
> >
> > > On Fri, Oct 26, 2018 at 06:01:40PM +0200, Florian Obser wrote:
> > > > This breaks usage of the "include" keyword. Something that all the
> > > > parse.y daemons support.
> > > >
> > >
> > > Oh, of course!
> > >
> > > I guess this is similar to unveil files based on a list of command line
> > > args.
> >
> > correct.
> >
> > Now that unveil is used in the tree, there are 3 types of programs
> >
> > 1) they use unveil
> > 2) they use pledge, heading close towards "stdio" without a "*path"
> > 3) they access arbitrary files based upon argv
> >
> > this is (3), except not argv, it's nested inside the config file
> >
> > Well there are maybe 20 programs beyond that which aren't converted yet,
> > but things are looking pretty good.
> >
>
> Since ospfd is not supposed to write or execute files we could make the
> file system read only (with the exception of the control socket).
>
> (Once we can add pledge to ospfd's parent proc this will probably not make
> sense anymore.)
I first wanted to say that this makes it impossible to change the socket...
until I realized that ospfd does not have that option in ospfd.conf (only
on the command line).
Which means I'm fine with this. ok benno@
> cvs diff: Diffing .
> Index: ospfd.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
> retrieving revision 1.100
> diff -u -p -r1.100 ospfd.c
> --- ospfd.c 29 Aug 2018 08:43:17 -0000 1.100
> +++ ospfd.c 27 Oct 2018 07:28:58 -0000
> @@ -278,6 +278,13 @@ main(int argc, char *argv[])
> fatalx("control socket setup failed");
> main_imsg_compose_ospfe_fd(IMSG_CONTROLFD, 0, control_fd);
>
> + if (unveil("/", "r") == -1)
> + fatal("unveil");
> + if (unveil(ospfd_conf->csock, "c") == -1)
> + fatal("unveil");
> + if (unveil(NULL, NULL) == -1)
> + fatal("unveil");
> +
> if (kr_init(!(ospfd_conf->flags & OSPFD_FLAG_NO_FIB_UPDATE),
> ospfd_conf->rdomain, ospfd_conf->redist_label_or_prefix) == -1)
> fatalx("kr_init failed");
>
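Review bot: all three added unveil() calls fail with the identical fatal("unveil"), so a failure on the ospfd_conf->csock path cannot be told apart from one on "/" or on the final unveil(NULL, NULL) lock. Consider putting the path in the message, for example fatal("unveil %s", ospfd_conf->csock), and adding a one-line comment above the block saying that the whole tree is read-only and that only the control socket path gets "c", since the block sits after the control socket setup shown in the context lines and the reason for "c" is not evident from the code alone.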