Re: unveil ospfd's parent proc

Sun, 28 Oct 2018 14:52:04 -0700 

On Sun, Oct 28, 2018 at 03:58:53PM +0100, Florian Obser wrote:
> Sorry, I'm on a phone. The diff context looks like the control FD is already 
> open at this point. Does ospfd later re-open it? 
> 

No it does not. It deletes the control socket during shutdown.

> On October 27, 2018 11:25:58 PM GMT+02:00, Remi Locherer 
> <remi.loche...@relo.ch> wrote:
> >On Fri, Oct 26, 2018 at 10:19:01AM -0600, Theo de Raadt wrote:
> >> Remi Locherer <remi.loche...@relo.ch> wrote:
> >> 
> >> > On Fri, Oct 26, 2018 at 06:01:40PM +0200, Florian Obser wrote:
> >> > > This breaks usage of the "include" keyword. Something that all
> >the parse.y daemons support.
> >> > > 
> >> > 
> >> > Oh, of course!
> >> > 
> >> > I guess this is similar to unveil files based on a list of command
> >line args.
> >> 
> >> correct.
> >> 
> >> Now that unveil is used in the tree, there are 3 types of programs
> >> 
> >>   1) they use unveil
> >>   2) they use pledge, heading close towards "stdio" without a "*path"
> >>   3) they access arbitrary files based upon argv
> >> 
> >> this is (3), except not argv, it nested inside the config file
> >> 
> >> Well there are maybe 20 programs beyond that which aren't converted
> >yet,
> >> but things are looking pretty good.
> >> 
> >
> >Since ospfd is not suppose to write or execute files we could make the
> >file system read only (with the exception of the control socket).
> >
> >(Once we can add pledge to ospfd's parent proc this will probably not
> >make
> >sense anymore.)
> >
> >
> >
> >cvs diff: Diffing .
> >Index: ospfd.c
> >===================================================================
> >RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v
> >retrieving revision 1.100
> >diff -u -p -r1.100 ospfd.c
> >--- ospfd.c  29 Aug 2018 08:43:17 -0000      1.100
> >+++ ospfd.c  27 Oct 2018 07:28:58 -0000
> >@@ -278,6 +278,13 @@ main(int argc, char *argv[])
> >             fatalx("control socket setup failed");
> >     main_imsg_compose_ospfe_fd(IMSG_CONTROLFD, 0, control_fd);
> > 
> >+    if (unveil("/", "r") == -1)
> >+            fatal("unveil");
> >+    if (unveil(ospfd_conf->csock, "c") == -1)
> >+            fatal("unveil");
> >+    if (unveil(NULL, NULL) == -1)
> >+            fatal("unveil");
> >+
> >     if (kr_init(!(ospfd_conf->flags & OSPFD_FLAG_NO_FIB_UPDATE),
> >         ospfd_conf->rdomain, ospfd_conf->redist_label_or_prefix) == -1)
> >             fatalx("kr_init failed");

Reply via email to