Sorry, I'm on a phone. The diff context looks like the control FD is already 
open at this point. Does ospfd later re-open it? 

On October 27, 2018 11:25:58 PM GMT+02:00, Remi Locherer 
<remi.loche...@relo.ch> wrote:
>On Fri, Oct 26, 2018 at 10:19:01AM -0600, Theo de Raadt wrote:
>> Remi Locherer <remi.loche...@relo.ch> wrote:
>> 
>> > On Fri, Oct 26, 2018 at 06:01:40PM +0200, Florian Obser wrote:
>> > > This breaks usage of the "include" keyword. Something that all
>> > > the parse.y daemons support.
>> > > 
>> > 
>> > Oh, of course!
>> > 
>> > I guess this is similar to unveil files based on a list of command
>> > line args.
>> 
>> correct.
>> 
>> Now that unveil is used in the tree, there are 3 types of programs
>> 
>>   1) they use unveil
>>   2) they use pledge, heading close towards "stdio" without a "*path"
>>   3) they access arbitrary files based upon argv
>> 
>> this is (3), except not argv, it is nested inside the config file
>> 
>> Well there are maybe 20 programs beyond that which aren't converted
>> yet, but things are looking pretty good.
>> 
>
>Since ospfd is not supposed to write or execute files we could make the
>file system read only (with the exception of the control socket).
>
>(Once we can add pledge to ospfd's parent proc this will probably not
>make sense anymore.)
>
>
>
>cvs diff: Diffing .
>Index: ospfd.c
>===================================================================
>RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
>retrieving revision 1.100
>diff -u -p -r1.100 ospfd.c
>--- ospfd.c    29 Aug 2018 08:43:17 -0000      1.100
>+++ ospfd.c    27 Oct 2018 07:28:58 -0000
>@@ -278,6 +278,13 @@ main(int argc, char *argv[])
>               fatalx("control socket setup failed");
>       main_imsg_compose_ospfe_fd(IMSG_CONTROLFD, 0, control_fd);
> 
>+      if (unveil("/", "r") == -1)
>+              fatal("unveil");
>+      if (unveil(ospfd_conf->csock, "c") == -1)
>+              fatal("unveil");
>+      if (unveil(NULL, NULL) == -1)
>+              fatal("unveil");
>+
>       if (kr_init(!(ospfd_conf->flags & OSPFD_FLAG_NO_FIB_UPDATE),
>           ospfd_conf->rdomain, ospfd_conf->redist_label_or_prefix) == -1)
>               fatalx("kr_init failed");
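
Review bot: The three added fatal("unveil") calls after main_imsg_compose_ospfe_fd() are indistinguishable when one of them fails; include the path in the message, for example fatal("unveil %s", ospfd_conf->csock), so the log says which call was rejected. The csock unveil with "c" (create and remove) also deserves a one-line comment stating what still needs that permission, since the context lines show the control socket is already set up and its fd already handed to ospfe before this point.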
