I have reviewed all the pledge-using programs in the tree, and I do not
see additional risk from this change.

Who wants to take care of the commit?

Josh Rickmar <[email protected]> wrote:

> The kern.somaxconn sysctl was previously permitted under the inet
> pledge, which allowed pledged Go applications to listen on AF_INET and
> AF_INET6 domains.
> 
> https://marc.info/?l=openbsd-tech&m=158069595809463&w=2
> https://marc.info/?l=openbsd-cvs&m=158081099810301&w=2
> 
> But Go will also read this sysctl when only using unix domain sockets.
> The patch below additionally permits reading this sysctl if the unix
> pledge is granted.
> 
> Note that for this to be tested and useful (where useful means not
> running with the inet pledge), Go's net package also needs a patch:
> https://gist.github.com/jrick/878236e2f3735d35d5a737936439cb81
> 
> diff b17f936e67043f9c006633bac4e3630f86dd05c2 /usr/src
> blob - 9ffb7f2ffb9d05d6dd741e180b62141fb5e91f0b
> file + sys/kern/kern_pledge.c
> --- sys/kern/kern_pledge.c
> +++ sys/kern/kern_pledge.c
> @@ -888,7 +888,7 @@ pledge_sysctl(struct proc *p, int miblen, int *mib, vo
>                       return (0);
>       }
>  
> -     if ((p->p_p->ps_pledge & PLEDGE_INET)) {
> +     if ((p->p_p->ps_pledge & (PLEDGE_INET | PLEDGE_UNIX))) {
>               if (miblen == 2 &&              /* kern.somaxconn */
>                   mib[0] == CTL_KERN && mib[1] == KERN_SOMAXCONN)
>                       return (0);
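Review bot: the widened condition at `if ((p->p_p->ps_pledge & (PLEDGE_INET | PLEDGE_UNIX)))` applies to the whole `if` body, but only the first check inside it (`/* kern.somaxconn */`, `mib[0] == CTL_KERN && mib[1] == KERN_SOMAXCONN`) is visible in this hunk; please confirm the body contains no other inet-only sysctl allowances, since any further checks in that block would now also be granted to processes pledged only with "unix". If the block does hold more than the somaxconn check, a separate `if (p->p_p->ps_pledge & PLEDGE_UNIX)` branch covering only kern.somaxconn would keep the change scoped to what the mail describes.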
> 
