Sorry, I'm on a phone. The diff context looks like the control FD is already open at this point. Does ospfd later re-open it?
On October 27, 2018 11:25:58 PM GMT+02:00, Remi Locherer <remi.loche...@relo.ch> wrote:
>On Fri, Oct 26, 2018 at 10:19:01AM -0600, Theo de Raadt wrote:
>> Remi Locherer <remi.loche...@relo.ch> wrote:
>>
>> > On Fri, Oct 26, 2018 at 06:01:40PM +0200, Florian Obser wrote:
>> > > This breaks usage of the "include" keyword. Something that all the parse.y daemons support.
>> > >
>> >
>> > Oh, of course!
>> >
>> > I guess this is similar to unveil files based on a list of command line args.
>>
>> correct.
>>
>> Now that unveil is used in the tree, there are 3 types of programs
>>
>> 1) they use unveil
>> 2) they use pledge, heading close towards "stdio" without a "*path"
>> 3) they access arbitrary files based upon argv
>>
>> this is (3), except not argv, it is nested inside the config file
>>
>> Well there are maybe 20 programs beyond that which aren't converted yet,
>> but things are looking pretty good.
>>
>
>Since ospfd is not supposed to write or execute files we could make the
>file system read only (with the exception of the control socket).
>
>(Once we can add pledge to ospfd's parent proc this will probably not make
>sense anymore.)
>
>
>
>cvs diff: Diffing .
>Index: ospfd.c
>===================================================================
>RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
>retrieving revision 1.100
>diff -u -p -r1.100 ospfd.c
>--- ospfd.c 29 Aug 2018 08:43:17 -0000 1.100
>+++ ospfd.c 27 Oct 2018 07:28:58 -0000
>@@ -278,6 +278,13 @@ main(int argc, char *argv[])
> fatalx("control socket setup failed");
> main_imsg_compose_ospfe_fd(IMSG_CONTROLFD, 0, control_fd);
>
>+ if (unveil("/", "r") == -1)
>+ fatal("unveil");
>+ if (unveil(ospfd_conf->csock, "c") == -1)
>+ fatal("unveil");
>+ if (unveil(NULL, NULL) == -1)
>+ fatal("unveil");
>+
> if (kr_init(!(ospfd_conf->flags & OSPFD_FLAG_NO_FIB_UPDATE),
> ospfd_conf->rdomain, ospfd_conf->redist_label_or_prefix) == -1)
> fatalx("kr_init failed");
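Review bot: the `unveil(ospfd_conf->csock, "c")` line needs a justification comment, because the control socket is already created and handed off in the context lines just above the added block (`main_imsg_compose_ospfe_fd(IMSG_CONTROLFD, 0, control_fd);`), so at that point the "c" permission only matters if ospfd later unlinks or recreates the socket path; state which later operation it covers, or drop "c" if there is none. The three identical `fatal("unveil")` calls are also indistinguishable in the log; include the path (or a distinct message) in each so a failed unveil can be traced. Since the lock `unveil(NULL, NULL)` is applied before `kr_init(...)`, anything kr_init opens by path must fall under the read-only "/" rule; a short comment noting that `unveil("/", "r")` is deliberate (it is what keeps `include` files anywhere on disk readable) would make that intent clear to the next reader.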