Hi benno,

If you remove "include" then please put the unveil right next to pledge, as
in the diff below; that way we can see right away exactly why rpath is needed
in pledge.

Also, you only need unveil(NULL, NULL) if you're not actually calling pledge
somewhere down the code.

Index: rad.c
===================================================================
RCS file: /cvs/src/usr.sbin/rad/rad.c,v
retrieving revision 1.21
diff -u -p -u -r1.21 rad.c
--- rad.c       28 Jun 2019 13:32:49 -0000      1.21
+++ rad.c       27 Nov 2019 12:08:47 -0000
@@ -301,6 +301,8 @@ main(int argc, char *argv[])
        main_imsg_compose_frontend_fd(IMSG_CONTROLFD, 0, control_fd);
        main_imsg_send_config(main_conf);
 
+       if (unveil(conffile, "r") == -1)
+               fatal("unveil");
        if (pledge("stdio rpath sendfd", NULL) == -1)
                fatal("pledge");
 
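Review bot: The added `fatal("unveil")` does not name the path, so a failure at this call is logged without saying which file could not be unveiled. `fatal("unveil %s", conffile);` would make the log line actionable, assuming rad's fatal() takes a printf-style format, which is not visible in this hunk. A short comment above the pair, such as `/* rpath is only for re-reading conffile; pledge without "unveil" locks the list */`, would keep the rationale in the source, if conffile is indeed the only file read after this point. main() starts and continues outside the hunk.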

On 19:22 Tue 26 Nov     , Sebastian Benoit wrote:
> Sebastian Benoit(be...@openbsd.org) on 2019.11.26 18:46:11 +0100:
> > 
> > remove include statement and unveil() rad.
> > 
> > ok?
> 
> 
> diff --git usr.sbin/rad/parse.y usr.sbin/rad/parse.y
> index bb18c3d9c9c..443cff66065 100644
> --- usr.sbin/rad/parse.y
> +++ usr.sbin/rad/parse.y
> @@ -112,7 +112,7 @@ typedef struct {
>  
>  %}
>  
> -%token       RA_IFACE YES NO INCLUDE ERROR
> +%token       RA_IFACE YES NO ERROR
>  %token       DEFAULT ROUTER HOP LIMIT MANAGED ADDRESS
>  %token       CONFIGURATION OTHER LIFETIME REACHABLE TIME RETRANS TIMER
>  %token       AUTO PREFIX VALID PREFERRED LIFETIME ONLINK AUTONOMOUS
> @@ -134,21 +134,6 @@ grammar          : /* empty */
>               | grammar error '\n'            { file->errors++; }
>               ;
>  
> -include              : INCLUDE STRING                {
> -                     struct file     *nfile;
> -
> -                     if ((nfile = pushfile($2, 0)) == NULL) {
> -                             yyerror("failed to include file %s", $2);
> -                             free($2);
> -                             YYERROR;
> -                     }
> -                     free($2);
> -
> -                     file = nfile;
> -                     lungetc('\n');
> -             }
> -             ;
> -
>  string               : string STRING {
>                       if (asprintf(&$$, "%s %s", $1, $2) == -1) {
>                               free($1);
> @@ -428,7 +413,6 @@ lookup(char *s)
>               {"default",             DEFAULT},
>               {"dns",                 DNS},
>               {"hop",                 HOP},
> -             {"include",             INCLUDE},
>               {"interface",           RA_IFACE},
>               {"lifetime",            LIFETIME},
>               {"limit",               LIMIT},
> diff --git usr.sbin/rad/rad.c usr.sbin/rad/rad.c
> index 93675167b6b..3a79a08d3db 100644
> --- usr.sbin/rad/rad.c
> +++ usr.sbin/rad/rad.c
> @@ -296,6 +296,11 @@ main(int argc, char *argv[])
>       if ((control_fd = control_init(csock)) == -1)
>               fatalx("control socket setup failed");
>  
> +        if (unveil(conffile, "r") == -1)
> +                err(1, "unveil");
> +        if (unveil(NULL, NULL) == -1)
> +                err(1, "unveil");
> +
>       main_imsg_compose_frontend_fd(IMSG_ICMP6SOCK, 0, icmp6sock);
>       main_imsg_compose_frontend_fd(IMSG_ROUTESOCK, 0, frontend_routesock);
>       main_imsg_compose_frontend_fd(IMSG_CONTROLFD, 0, control_fd);
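Review bot: Both added failure paths call `err(1, "unveil")`, while the check directly above them uses `fatalx()`, so a failure here would bypass the daemon's own logging helper. If main() has already daemonized by this point (not visible in the hunk), the message would go to a stderr that nobody reads. `fatal("unveil");` keeps it consistent with the surrounding error handling. The added lines also appear to be indented with spaces where the context lines use tabs, though that may be an artifact of the mail. main() starts and ends outside this hunk.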
> diff --git usr.sbin/rad/rad.conf.5 usr.sbin/rad/rad.conf.5
> index d4ca72f4639..ea0cb95d77e 100644
> --- usr.sbin/rad/rad.conf.5
> +++ usr.sbin/rad/rad.conf.5
> @@ -50,10 +50,6 @@ sends IPv6 router advertisement messages.
>  This section defines on which interfaces to advertise prefix information
>  and their associated parameters.
>  .El
> -.Pp
> -Additional configuration files can be included with the
> -.Ic include
> -keyword.
>  .Sh MACROS
>  Macros can be defined that will later be expanded in context.
>  Macro names must start with a letter, digit, or underscore,
> 
