On Mon, Nov 05, 2018 at 12:30:08PM +0000, Ricardo Mestre wrote:
> Hi,
> 
> dhclient(8)'s privileged process cannot be pledged yet due to some route
> related sysctl(2)'s, but it seems it only needs to access two files. One is
> /etc/resolv.conf with write/create permissions and saved_argv[0] (usually
> /sbin/dhclient) with execute since we may receive a SIGHUP and it will need to
> re-exec itself. We could go further and keep /etc/resolv.conf veiled if we
> supersede both domain-name and domain-name-servers in the config file, but it
> seems a bit overkill, and with the simple diff below I didn't have any
> problems.
> 
> Comments? OK? Cluebat stick?

First I thought the diff does not work:

typhoon ..n/dhclient$ doas obj/dhclient -d iwm0 
fatal in iwm0 [priv]: unveil: No such file or directory
iwm0: DHCPREQUEST to 255.255.255.255
iwm0: unpriv_ibuf: ERR|HUP|NVAL


It does not work because "obj" is a symlink here. When called without
a symlink in the path it works as expected. The error message is a bit
awkward.

> 
> Index: dhclient.c
> ===================================================================
> RCS file: /cvs/src/sbin/dhclient/dhclient.c,v
> retrieving revision 1.581
> diff -u -p -u -r1.581 dhclient.c
> --- dhclient.c        4 Nov 2018 19:10:34 -0000       1.581
> +++ dhclient.c        5 Nov 2018 12:02:51 -0000
> @@ -2234,6 +2234,13 @@ fork_privchld(struct interface_info *ifi
>       if ((routefd = socket(AF_ROUTE, SOCK_RAW, 0)) == -1)
>               fatal("socket(AF_ROUTE, SOCK_RAW)");
>  
> +     if (unveil("/etc/resolv.conf", "wc") == -1)
> +             fatal("unveil");
> +     if (unveil(saved_argv[0], "x") == -1)
> +             fatal("unveil");
> +     if (unveil(NULL, NULL) == -1)
> +             fatal("unveil");
> +
>       while (quit == 0) {
>               pfd[0].fd = priv_ibuf->fd;
>               pfd[0].events = POLLIN;
> 
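
Review bot: all three unveil() calls in this hunk fail with the identical fatal("unveil"), so a failure does not say which path was rejected; the run above ended in "unveil: No such file or directory" with no file named. Include the path in each message, for instance "unveil /etc/resolv.conf" for the first call and a message that names saved_argv[0] for the second. The unveil(saved_argv[0], "x") call also takes the path exactly as the program was invoked, and the run above shows it failing when that path goes through the "obj" symlink, so it is worth deciding whether that case should stay fatal or whether the path should be made canonical before this call.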
