Sebastian Benoit <[email protected]> wrote:

> Remi Locherer([email protected]) on 2018.10.27 23:25:58 +0200:
> > On Fri, Oct 26, 2018 at 10:19:01AM -0600, Theo de Raadt wrote:
> > > Remi Locherer <[email protected]> wrote:
> > >
> > > > On Fri, Oct 26, 2018 at 06:01:40PM +0200, Florian Obser wrote:
> > > > > This breaks usage of the "include" keyword. Something that all the
> > > > > parse.y daemons support.
> > > > >
> > > >
> > > > Oh, of course!
> > > >
> > > > I guess this is similar to unveil files based on a list of command line
> > > > args.
> > >
> > > correct.
> > >
> > > Now that unveil is used in the tree, there are 3 types of programs
> > >
> > > 1) they use unveil
> > > 2) they use pledge, heading close towards "stdio" without a "*path"
> > > 3) they access arbitrary files based upon argv
> > >
> > > this is (3), except not argv, it's nested inside the config file
> > >
> > > Well there are maybe 20 programs beyond that which aren't converted yet,
> > > but things are looking pretty good.
> > >
> >
> > Since ospfd is not supposed to write or execute files we could make the
> > file system read only (with the exception of the control socket).
> >
> > (Once we can add pledge to ospfd's parent proc this will probably not make
> > sense anymore.)
>
> I first wanted to say that this makes it impossible to change the socket...
> until i realized that ospfd does not have that option in ospfd.conf (only
> on the command line).
>
> Which means i'm fine with this. ok benno@

It is such a nice containment, we should perhaps look at other daemons which do re-parsing, and see if they should lose the ability to create files.
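
The containment discussed in this thread, as an added example that is not code from ospfd or the OpenBSD kernel: a simplified longest-prefix model of unveil(2) path policy, showing why a narrow unveil breaks "include" while a read-only file system plus the control socket does not. Assumptions: the earlier proposal unveiled only the main config file, the socket gets the "c" permission, and all paths are constructed samples.

```c
/* Simplified model of unveil(2) path policy, not kernel code: the longest
 * unveiled prefix covering a path decides which operations are allowed. */
#include <stdio.h>
#include <string.h>

struct veil { const char *path; const char *perms; };

/* Assumed shape of the earlier proposal: only the main config file. */
static const struct veil narrow[] = { { "/etc/ospfd.conf", "r" } };
/* Read-only file system plus the control socket (sample path, assumed "c"). */
static const struct veil broad[] = {
	{ "/", "r" }, { "/var/run/ospfd.sock", "c" },
};

/* Return 1 if op ('r', 'w', 'x' or 'c') on path is allowed by policy v. */
int veil_allows(const struct veil *v, size_t n, const char *path, char op)
{
	const char *perms = NULL;
	size_t best = 0;

	for (size_t i = 0; i < n; i++) {
		size_t len = strlen(v[i].path);
		if (strncmp(path, v[i].path, len) != 0)
			continue;
		/* Prefix must end on a path component boundary. */
		if (len > 1 && path[len] != '\0' && path[len] != '/')
			continue;
		if (perms == NULL || len > best) {
			perms = v[i].perms;
			best = len;
		}
	}
	return perms != NULL && strchr(perms, op) != NULL;
}

int narrow_allows(const char *p, char op) { return veil_allows(narrow, 1, p, op); }
int broad_allows(const char *p, char op) { return veil_allows(broad, 2, p, op); }

int main(void)
{
	const char *inc = "/etc/ospfd.areas.conf"; /* constructed include target */

	printf("narrow: read include   -> %d\n", narrow_allows(inc, 'r'));
	printf("broad:  read include   -> %d\n", broad_allows(inc, 'r'));
	printf("broad:  write include  -> %d\n", broad_allows(inc, 'w'));
	printf("broad:  create in /tmp -> %d\n", broad_allows("/tmp/x", 'c'));
	printf("broad:  create socket  -> %d\n", broad_allows("/var/run/ospfd.sock", 'c'));
	return 0;
}
```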
