sure you'll get EPERM and you can call it a day :)

but if you no longer need to call unveil again and pledge is in place, just
remove its promise, and if you try to call it your program will nicely abort
instead :D

On 08:59 Thu 04 Aug, Bryan Steele wrote:
> On Thu, Aug 04, 2022 at 12:47:36PM +0100, Ricardo Mestre wrote:
> > We are using pledge so if you don't remove the unveil permission it will be
> > allowed throughout the entire process, so please just change unveil(NULL, NULL)
> > to the previous pledge("stdio rpath wpath cpath fattr sendfd").
> > 
> > Thank you :)
> 
> Stylistically I agree.
> 
> It's equivalent. unveil(2) will return EPERM once locked, even if the
> process hasn't dropped the unveil promise.
> 
> > On 12:29 Thu 04 Aug, Claudio Jeker wrote:
> > > On Thu, Aug 04, 2022 at 12:24:03PM +0200, Theo Buehler wrote:
> > > > On Thu, Aug 04, 2022 at 12:11:45PM +0200, Claudio Jeker wrote:
> > > > > This diff adds unveil to the main process. This is done after all files
> > > > > from the command line have been read. Both for regular and -f mode.
> > > > > Once the args have been read the process can limit the access to the
> > > > > cachedir and the output dir. In -f mode only read access to the cachedir is
> > > > > required. In regular mode both cachedir and outputdir need rwc rights.
> > > > 
> > > > 
> > > > > 
> > > > > -- 
> > > > > :wq Claudio
> > > > > 
> > > > > Index: main.c
> > > > > ===================================================================
> > > > > RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v
> > > > > retrieving revision 1.208
> > > > > diff -u -p -r1.208 main.c
> > > > > --- main.c    27 Jun 2022 10:18:27 -0000      1.208
> > > > > +++ main.c    28 Jul 2022 16:57:16 -0000
> > > > > @@ -1006,8 +1006,7 @@ main(int argc, char *argv[])
> > > > >               signal(SIGALRM, suicide);
> > > > >       }
> > > > >  
> > > > > -     /* TODO unveil cachedir and outputdir, no other access allowed 
> > > > > */
> > > > > -     if (pledge("stdio rpath wpath cpath fattr sendfd", NULL) == -1)
> > > > > +     if (pledge("stdio rpath wpath cpath fattr sendfd unveil", NULL) 
> > > > > == -1)
> > > > >               err(1, "pledge");
> > > > >  
> > > > >       msgbuf_init(&procq);
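Review bot: the "unveil" promise added to the pledge string on this hunk's `+` line stays in effect for the rest of the process unless a later pledge(2) call drops it, so once the last unveil(2) call has been made, re-issue the original `pledge("stdio rpath wpath cpath fattr sendfd", NULL)` rather than relying on unveil(NULL, NULL) alone; that way a stray unveil(2) later in the process is a pledge violation instead of a silent EPERM. The removed TODO was also the only comment stating the intent; a one-line comment next to the new promise saying where the unveil set is locked would keep that documented.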
> > > > > @@ -1049,6 +1048,18 @@ main(int argc, char *argv[])
> > > > >               while (*argv != NULL)
> > > > >                       queue_add_file(*argv++, RTYPE_FILE, 0);
> > > > >       }
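Review bot: the hunk header `@@ -1049,6 +1048,18 @@` announces twelve added lines, but only the three closing context lines of the `if (filemode)` block are quoted here, so the unveil(2) calls this hunk introduces cannot be checked from this reply. From the description, the per-mode calls belong inside the existing `if (filemode)` / `else` branches (read-only cachedir in -f mode, "rwc" on both cachedir and outputdir otherwise), with the single unveil(NULL, NULL) lock after both branches, which is the shape proposed in the reply below.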
> > > > 
> > > > This brace ends an if (filemode) block. I'm wondering if this would not
> > > > be cleaner:
> > > > 
> > > >         if (filemode) {
> > > >                 while (*argv != NULL)
> > > >                         queue_add_file(*argv++, RTYPE_FILE, 0);
> > > > 
> > > >                 if (unveil(cachedir, "r") == -1)
> > > >                         err(1, "unveil cachedir");
> > > >         } else {
> > > >                 if (unveil(outputdir, "rwc") == -1)
> > > >                         err(1, "unveil outputdir");
> > > >                 if (unveil(cachedir, "rwc") == -1)
> > > >                         err(1, "unveil cachedir");
> > > >         }
> > > >         if (unveil(NULL, NULL) == -1)
> > > >                 err(1, "unveil");
> > > > 
> > > > Either way ok
> > > 
> > > Sure, good suggestion. Will commit that version.
> > > 
> > > -- 
> > > :wq Claudio
> > > 
> > 
> > 
> 
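The sequence the thread converges on, written out as an added, self-contained example (this is not rpki-client's code): pledge(2) with the "unveil" promise as in the first hunk, the per-mode unveil(2) calls in the restructured shape Theo suggests, then either unveil(NULL, NULL) or a second pledge(2) without the promise, as Ricardo suggests. On OpenBSD it calls the real pledge(2)/unveil(2); on any other system a small in-file shim, marked as an assumption, models only the behaviour the thread states (EPERM after the lock, abort once the promise is gone) so the example still compiles. The function names (apply_unveils, lock_unveil_by_null, lock_unveil_by_pledge, unveil_probe) and the directory names are assumptions.

```c
/*
 * Added example (not rpki-client's code): pledge(2)/unveil(2) ordering as
 * discussed in the thread. Function and directory names are assumptions.
 */
#include <err.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifndef __OpenBSD__
/*
 * Portability shim (an assumption, not the kernel). Promises can only shrink;
 * unveil(2) returns EPERM once the set is locked by unveil(NULL, NULL); and an
 * unveil(2) call after the "unveil" promise was dropped is a pledge violation,
 * which the real kernel answers with an uncatchable SIGABRT (abort() here).
 */
static int emu_pledged, emu_unveil_ok, emu_locked;

static int
pledge(const char *promises, const char *execpromises)
{
	int wants_unveil = promises != NULL && strstr(promises, "unveil") != NULL;

	(void)execpromises;
	if (emu_pledged && !emu_unveil_ok && wants_unveil) {
		errno = EPERM;	/* a dropped promise cannot be regained */
		return -1;
	}
	emu_pledged = 1;
	emu_unveil_ok = wants_unveil;
	return 0;
}

static int
unveil(const char *path, const char *permissions)
{
	if (emu_pledged && !emu_unveil_ok)
		abort();	/* pledge violation: the kernel kills the process */
	if (emu_locked) {
		errno = EPERM;
		return -1;
	}
	if (path == NULL && permissions == NULL)
		emu_locked = 1;
	return 0;
}
#endif

/* First hunk's pledge plus the per-mode unveils in the restructured shape. */
static int
apply_unveils(int filemode, const char *cachedir, const char *outputdir)
{
	/* "unveil" must be in the promise set before unveil(2) may be called */
	if (pledge("stdio rpath wpath cpath fattr sendfd unveil", NULL) == -1)
		return -1;
	if (filemode) {
		/* -f mode: only read access to the cache is needed */
		if (unveil(cachedir, "r") == -1)
			return -1;
	} else {
		/* regular mode: cache and output are read, written and created */
		if (unveil(outputdir, "rwc") == -1)
			return -1;
		if (unveil(cachedir, "rwc") == -1)
			return -1;
	}
	return 0;
}

/* Lock the unveil set; later unveil(2) calls fail with EPERM. */
static int
lock_unveil_by_null(void)
{
	return unveil(NULL, NULL);
}

/* Drop the promise instead; a later unveil(2) call kills the process. */
static int
lock_unveil_by_pledge(void)
{
	return pledge("stdio rpath wpath cpath fattr sendfd", NULL);
}

/* Returns 0 if unveil(2) is still usable, otherwise the errno it set. */
static int
unveil_probe(const char *path)
{
	return unveil(path, "r") == 0 ? 0 : errno;
}

int
main(void)
{
	/* constructed directory names; on OpenBSD the parent directory must exist */
	const char *cachedir = "/tmp/rpki-cache-example";
	const char *outputdir = "/tmp/rpki-out-example";
	int e;

	if (apply_unveils(1, cachedir, outputdir) == -1)
		err(1, "apply_unveils");
	if (lock_unveil_by_null() == -1)
		err(1, "unveil lock");
	e = unveil_probe(cachedir);
	printf("unveil after lock: %s\n", e ? strerror(e) : "still allowed");
	if (lock_unveil_by_pledge() == -1)
		err(1, "pledge");
	printf("unveil promise dropped; another unveil() call would now abort\n");
	return 0;
}
```

Run as-is it prints that unveil(2) fails with "Operation not permitted" after the lock; the final probe after the promise is dropped is deliberately not made, since that path ends the process rather than returning an error, which is exactly the property the thread prefers for code that has no further use for unveil(2).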
