Looks good to me.

Ricardo Mestre <[email protected]> wrote:

> ifstated(8) needs to load configfile from within the main loop, but also to
> reload it on SIGHUP so unveil(2) it with read permissions. Additionally all
> commands are exec'ed through /bin/sh instead of directly so we can just
> unveil(2) /bin/sh with x perms. Since /bin/sh is already used in another place
> I used _PATH_BSHELL.
> 
> Both regress tests passed. Comments? OK?
> 
> Index: ifstated.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/ifstated/ifstated.c,v
> retrieving revision 1.61
> diff -u -p -u -r1.61 ifstated.c
> --- ifstated.c        30 Aug 2017 16:14:52 -0000      1.61
> +++ ifstated.c        30 Oct 2018 12:01:20 -0000
> @@ -31,6 +31,7 @@
>  #include <net/route.h>
>  #include <netinet/in.h>
>  
> +#include <paths.h>
>  #include <stdio.h>
>  #include <stdlib.h>
>  #include <string.h>
> @@ -160,6 +161,10 @@ main(int argc, char *argv[])
>           &rtfilter, sizeof(rtfilter)) == -1) /* not fatal */
>               log_warn("%s: setsockopt tablefilter", __func__);
>  
> +     if (unveil(configfile, "r") == -1)
> +             fatal("unveil");
> +     if (unveil(_PATH_BSHELL, "x") == -1)
> +             fatal("unveil");
>       if (pledge("stdio rpath route proc exec", NULL) == -1)
>               fatal("pledge");
>  
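
Review bot: the two new unveil() checks in main() both call fatal("unveil"), so a failure does not say whether configfile or _PATH_BSHELL was the path that could not be unveiled. If fatal() accepts a format string the way log_warn() does a few lines above, fatal("unveil %s", configfile) and fatal("unveil %s", _PATH_BSHELL) would make the log actionable. It is also worth a short comment that the pledge() promises that follow do not include "unveil", so the path list is final from this point and the SIGHUP reload can only reopen the configfile path that was unveiled here.
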
> @@ -326,7 +331,7 @@ external_exec(struct ifsd_external *exte
>       if (pid < 0) {
>               log_warn("fork error");
>       } else if (pid == 0) {
> -             execv("/bin/sh", argp);
> +             execv(_PATH_BSHELL, argp);
>               _exit(1);
>               /* NOTREACHED */
>       } else {
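
Review bot: in the child branch of external_exec(), a failed execv(_PATH_BSHELL, argp) still falls through to _exit(1) with no message. Now that exec is limited to the single unveiled path, a log_warn("execv %s", _PATH_BSHELL) before _exit(1) would make a denied or failed exec visible instead of showing up only as a command that exited with status 1.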
