On Thu, Aug 04, 2022 at 12:24:03PM +0200, Theo Buehler wrote:
> On Thu, Aug 04, 2022 at 12:11:45PM +0200, Claudio Jeker wrote:
> > This diff adds unveil to the main process. This is done after all files
> > from the command line have been read, both for regular and -f mode.
> > Once the args have been read the process can limit the access to the
> > cachedir and the output dir. In -f mode only read access to the cachedir is
> > required. In regular mode both cachedir and outputdir need rwc rights.
>
>
> >
> > --
> > :wq Claudio
> >
> > Index: main.c
> > ===================================================================
> > RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v
> > retrieving revision 1.208
> > diff -u -p -r1.208 main.c
> > --- main.c 27 Jun 2022 10:18:27 -0000 1.208
> > +++ main.c 28 Jul 2022 16:57:16 -0000
> > @@ -1006,8 +1006,7 @@ main(int argc, char *argv[])
> > signal(SIGALRM, suicide);
> > }
> >
> > - /* TODO unveil cachedir and outputdir, no other access allowed */
> > - if (pledge("stdio rpath wpath cpath fattr sendfd", NULL) == -1)
> > + if (pledge("stdio rpath wpath cpath fattr sendfd unveil", NULL) == -1)
> > err(1, "pledge");
> >
> > msgbuf_init(&procq);
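Review bot: the `+ if (pledge("stdio rpath wpath cpath fattr sendfd unveil", NULL) == -1)` line keeps the "unveil" promise for the rest of the process lifetime, although it is only needed until the unveil list is locked with `unveil(NULL, NULL)` (as in the proposal further down, after which further unveil(2) calls fail anyway); a second `pledge("stdio rpath wpath cpath fattr sendfd", NULL)` right after that lock would drop the promise too, so the process cannot even attempt to reopen the list. The removed TODO also stated "no other access allowed", which holds only if nothing outside cachedir and outputdir is opened after the lock.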
> > @@ -1049,6 +1048,18 @@ main(int argc, char *argv[])
> > while (*argv != NULL)
> > queue_add_file(*argv++, RTYPE_FILE, 0);
> > }
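Review bot: the header `@@ -1049,6 +1048,18 @@` announces twelve added lines, but the quoted hunk stops at the brace closing the `if (filemode)` block, so the unveil calls themselves cannot be checked from this message; whichever placement is committed, the entries should match the description (cachedir "r" in -f mode; outputdir and cachedir "rwc" otherwise) and be followed by `unveil(NULL, NULL)` so the list cannot be extended later.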
>
> This brace ends an if (filemode) block. I'm wondering if this would not
> be cleaner:
>
>     if (filemode) {
>         while (*argv != NULL)
>             queue_add_file(*argv++, RTYPE_FILE, 0);
>
>         if (unveil(cachedir, "r") == -1)
>             err(1, "unveil cachedir");
>     } else {
>         if (unveil(outputdir, "rwc") == -1)
>             err(1, "unveil outputdir");
>         if (unveil(cachedir, "rwc") == -1)
>             err(1, "unveil cachedir");
>     }
>     if (unveil(NULL, NULL) == -1)
>         err(1, "unveil");
>
> Either way ok
Sure, good suggestion. Will commit that version.
--
:wq Claudio
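As an added example, not code from this thread or from rpki-client, the standalone C program below models the sequence agreed above: pledge(2) with the "unveil" promise, the per-mode unveil(2) entries (cachedir "r" in -f mode; outputdir and cachedir "rwc" otherwise), the unveil(NULL, NULL) lock, and a second pledge that drops the promise once it is no longer needed. The function names (fs_policy, restrict_fs, fs_allowed, mode_allows), the directories /tmp/example-cache and /tmp/example-output, and the userland fs_allowed model of the kernel's path check are all assumptions made here; on non-OpenBSD systems unveil and pledge are replaced by stand-ins so that only the policy logic is exercised.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef __OpenBSD__
/* unveil(2) and pledge(2) exist only on OpenBSD. Elsewhere these stand-ins
 * accept the calls so the policy logic below still builds and runs. */
static int
unveil(const char *path, const char *permissions)
{
	(void)path; (void)permissions;
	return 0;
}
static int
pledge(const char *promises, const char *execpromises)
{
	(void)promises; (void)execpromises;
	return 0;
}
#endif

/* Constructed directories for the example; not rpki-client's real defaults. */
#define CACHEDIR  "/tmp/example-cache"
#define OUTPUTDIR "/tmp/example-output"

struct unveil_entry {
	const char *path;
	const char *perms;
};

/* Fill `out` with the unveil list for the given mode; returns the count.
 * -f mode needs only read access to cachedir, regular mode needs rwc on both. */
static int
fs_policy(int filemode, const char *cachedir, const char *outputdir,
    struct unveil_entry out[2])
{
	if (filemode) {
		out[0].path = cachedir;  out[0].perms = "r";
		return 1;
	}
	out[0].path = outputdir; out[0].perms = "rwc";
	out[1].path = cachedir;  out[1].perms = "rwc";
	return 2;
}

/* Apply the policy in the order the thread settled on and lock it.
 * Returns 0 on success, -1 if any pledge/unveil call failed. */
static int
restrict_fs(int filemode, const char *cachedir, const char *outputdir)
{
	struct unveil_entry list[2];
	int n, i;

	/* "unveil" promise is needed only while the list is still open */
	if (pledge("stdio rpath wpath cpath fattr sendfd unveil", NULL) == -1)
		return -1;
	n = fs_policy(filemode, cachedir, outputdir, list);
	for (i = 0; i < n; i++)
		if (unveil(list[i].path, list[i].perms) == -1)
			return -1;
	if (unveil(NULL, NULL) == -1)	/* lock: later unveil() calls fail */
		return -1;
	/* the list is locked, so the promise can go as well */
	return pledge("stdio rpath wpath cpath fattr sendfd", NULL);
}

/* Userland model of the kernel's check (an assumption of this example):
 * `path` is reachable with `perm` ('r', 'w' or 'c') only if it lies under an
 * unveiled directory, matched on a path-component boundary, and the most
 * specific such entry's permission string contains `perm`. */
static int
fs_allowed(const struct unveil_entry *list, int n, const char *path, char perm)
{
	const struct unveil_entry *best = NULL;
	size_t bestlen = 0;
	int i;

	for (i = 0; i < n; i++) {
		size_t len = strlen(list[i].path);

		if (strncmp(path, list[i].path, len) != 0)
			continue;
		/* "/tmp/example-cache" must not cover "/tmp/example-cachedir" */
		if (path[len] != '\0' && path[len] != '/')
			continue;
		if (best == NULL || len > bestlen) {
			best = &list[i];
			bestlen = len;
		}
	}
	return best != NULL && strchr(best->perms, perm) != NULL;
}

/* One access decision against the policy for a mode, using the constructed
 * directories above. */
static int
mode_allows(int filemode, const char *path, char perm)
{
	struct unveil_entry list[2];
	int n = fs_policy(filemode, CACHEDIR, OUTPUTDIR, list);

	return fs_allowed(list, n, path, perm);
}

int
main(void)
{
	printf("-f mode: cache file readable=%d writable=%d, output dir readable=%d\n",
	    mode_allows(1, CACHEDIR "/ta/root.cer", 'r'),
	    mode_allows(1, CACHEDIR "/ta/root.cer", 'w'),
	    mode_allows(1, OUTPUTDIR "/csv", 'r'));
	if (restrict_fs(1, CACHEDIR, OUTPUTDIR) == -1) {
		perror("restrict_fs");
		return 1;
	}
	return 0;
}
```

The component-boundary test in fs_allowed is the detail worth carrying into any hand-written path check: a plain prefix comparison would let "/tmp/example-cache" cover "/tmp/example-cachedir", which is exactly the kind of sibling directory an unveil policy is meant to exclude.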