On 2019/05/23 11:54, Ricardo Mestre wrote:
> bonkers my brain must have farted :\ rpath should be dropped after loading the
> certs. I just tested it with remote-control with certificates, could you
> please let me know if it works for you now?
> 
> Index: unbound-checkconf.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/unbound/smallapp/unbound-checkconf.c,v
> retrieving revision 1.11
> diff -u -p -u -r1.11 unbound-checkconf.c
> --- unbound-checkconf.c       8 Feb 2019 10:29:08 -0000       1.11
> +++ unbound-checkconf.c       23 May 2019 10:45:48 -0000
> @@ -602,6 +602,9 @@ morechecks(struct config_file* cfg)
>                               cfg->control_cert_file);
>       }
>  
> +     if (pledge("stdio", NULL) == -1)
> +             fatal_exit("Could not pledge");
> +
>       localzonechecks(cfg);
>       view_and_respipchecks(cfg);
>  #ifdef CLIENT_SUBNET
> @@ -724,6 +727,10 @@ int main(int argc, char* argv[])
>       if(argc == 1)
>               f = argv[0];
>       else    f = cfgfile;
> +
> +     if (pledge("stdio rpath getpw", NULL) == -1)
> +             fatal_exit("Could not pledge");
> +
>       checkconf(f, opt, final);
>       checklock_stop();
>       return 0;
> 
> On 10:29 Thu 23 May     , Stuart Henderson wrote:
> > Not ok - if you're using remote-control with certificates (for example,
> > to control remote unbound instances over a network connection) it hits the
> > following:
> > 
> > unbound-checkcon[21086]: pledge "rpath", syscall 38
> > 
> > (gdb) bt
> > #0  stat () at -:3
> > #1  0x000004da8ddd61dc in is_file (fname=0x4dd11e9e3c0 
> > "/var/unbound/etc/unbound_server.key")
> >     at /usr/src/usr.sbin/unbound/smallapp/unbound-checkconf.c:278
> > #2  0x000004da8ddd5f10 in check_chroot_string (desc=0x4da8dda7c5d 
> > "server-key-file", ss=0x4dca3ee33d0, 
> >     chrootdir=0x0, cfg=0x4dca3ee3000) at 
> > /usr/src/usr.sbin/unbound/smallapp/unbound-checkconf.c:335
> > #3  0x000004da8ddd5114 in morechecks (cfg=0x4dca3ee3000)
> >     at /usr/src/usr.sbin/unbound/smallapp/unbound-checkconf.c:597
> > #4  0x000004da8ddd4776 in checkconf (cfgfile=0x4da8dda9506 
> > "/var/unbound/etc/unbound.conf", opt=0x0, final=0)
> >     at /usr/src/usr.sbin/unbound/smallapp/unbound-checkconf.c:674
> > #5  0x000004da8ddd44e2 in main (argc=0, argv=0x7f7ffffd1850)
> >     at /usr/src/usr.sbin/unbound/smallapp/unbound-checkconf.c:735
> > 

        check_mod(cfg, val_get_funcblock());

- needs to read the DNSSEC root key,

        check_hints(cfg);

- needs to read hints files,

        check_auth(cfg);

- needs to read zones

I think you could do this, though:

Index: smallapp/unbound-checkconf.c
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/smallapp/unbound-checkconf.c,v
retrieving revision 1.11
diff -u -p -r1.11 unbound-checkconf.c
--- smallapp/unbound-checkconf.c        8 Feb 2019 10:29:08 -0000       1.11
+++ smallapp/unbound-checkconf.c        23 May 2019 12:17:03 -0000
@@ -587,6 +587,10 @@ morechecks(struct config_file* cfg)
                endpwent();
 #  endif
        }
+
+       if (pledge("stdio rpath", NULL) == -1)
+               fatal_exit("Could not pledge");
+
 #endif
        if(cfg->remote_control_enable && options_remote_is_address(cfg)
                && cfg->control_use_cert) {
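Review bot: The added `pledge("stdio rpath", NULL)` sits above the `#endif` that closes the enclosing preprocessor block, so `getpw` is only dropped in builds where that guard is defined (the guard is not visible in the hunk; it is presumably the getpwnam feature test). Moving the call below the `#endif` would make the narrowing unconditional. Separately, `fatal_exit("Could not pledge")` discards errno here and in the main() hunk, so an invalid promise string and a refused widening give the same message; `fatal_exit("Could not pledge: %s", strerror(errno));` would tell them apart, assuming `<errno.h>` and `<string.h>` are already in scope in this file. A one-line comment such as `/* user lookup done; rpath kept for the key/cert, module, hints and auth-zone checks below */` would record why rpath stays. morechecks() starts and ends outside the hunk.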
@@ -724,6 +728,10 @@ int main(int argc, char* argv[])
        if(argc == 1)
                f = argv[0];
        else    f = cfgfile;
+
+       if (pledge("stdio rpath getpw", NULL) == -1)
+               fatal_exit("Could not pledge");
+
        checkconf(f, opt, final);
        checklock_stop();
        return 0;
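Review bot: The promise string `"stdio rpath getpw"` is undocumented, so a later edit cannot tell which promise covers which check without re-reading morechecks(). I would add a comment above the call, for example `/* rpath: config file and the files it names; getpw: user lookup in morechecks(), dropped again after it */`. main() starts outside the hunk, so it cannot be judged from here whether the option parsing and setup before this point could also run under pledge.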
