On Sun, Oct 28, 2018 at 03:58:53PM +0100, Florian Obser wrote: > Sorry, I'm on a phone. The diff context looks like the control FD is already > open at this point. Does ospfd later re-open it? >
No it does not. It deletes the control socket during shutdown. > On October 27, 2018 11:25:58 PM GMT+02:00, Remi Locherer > <[email protected]> wrote: > >On Fri, Oct 26, 2018 at 10:19:01AM -0600, Theo de Raadt wrote: > >> Remi Locherer <[email protected]> wrote: > >> > >> > On Fri, Oct 26, 2018 at 06:01:40PM +0200, Florian Obser wrote: > >> > > This breaks usage of the "include" keyword. Something that all > >the parse.y daemons support. > >> > > > >> > > >> > Oh, of course! > >> > > >> > I guess this is similar to unveil files based on a list of command > >line args. > >> > >> correct. > >> > >> Now that unveil is used in the tree, there are 3 types of programs > >> > >> 1) they use unveil > >> 2) they use pledge, heading close towards "stdio" without a "*path" > >> 3) they access arbitrary files based upon argv > >> > >> this is (3), except not argv, it nested inside the config file > >> > >> Well there are maybe 20 programs beyond that which aren't converted > >yet, > >> but things are looking pretty good. > >> > > > >Since ospfd is not suppose to write or execute files we could make the > >file system read only (with the exception of the control socket). > > > >(Once we can add pledge to ospfd's parent proc this will probably not > >make > >sense anymore.) > > > > > > > >cvs diff: Diffing . > >Index: ospfd.c > >=================================================================== > >RCS file: /cvs/src/usr.sbin/ospfd/ospfd.c,v > >retrieving revision 1.100 > >diff -u -p -r1.100 ospfd.c > >--- ospfd.c 29 Aug 2018 08:43:17 -0000 1.100 > >+++ ospfd.c 27 Oct 2018 07:28:58 -0000 > >@@ -278,6 +278,13 @@ main(int argc, char *argv[]) > > fatalx("control socket setup failed"); > > main_imsg_compose_ospfe_fd(IMSG_CONTROLFD, 0, control_fd); > > > >+ if (unveil("/", "r") == -1) > >+ fatal("unveil"); > >+ if (unveil(ospfd_conf->csock, "c") == -1) > >+ fatal("unveil"); > >+ if (unveil(NULL, NULL) == -1) > >+ fatal("unveil"); > >+ > > if (kr_init(!(ospfd_conf->flags & OSPFD_FLAG_NO_FIB_UPDATE), > > ospfd_conf->rdomain, ospfd_conf->redist_label_or_prefix) == -1) > > fatalx("kr_init failed");
