The diff below adds pledge("stdio") calls for the pfkey dump subset
of ipsecctl commands.
In particular ipsecctl -s, which prints all SAs or flows in the kernel,
and more importantly ipsecctl -m, which continuously parses and prints every
pfkey message forwarded by the kernel, don't seem to need any additional
privileges after setting up the pfkey sockets and sysctls.
ok?
Index: ipsecctl.c
===================================================================
RCS file: /cvs/src/sbin/ipsecctl/ipsecctl.c,v
retrieving revision 1.85
diff -u -p -r1.85 ipsecctl.c
--- ipsecctl.c 7 Mar 2023 17:43:59 -0000 1.85
+++ ipsecctl.c 8 Oct 2023 22:16:59 -0000
@@ -625,6 +625,9 @@ ipsecctl_get_rules(struct ipsecctl *ipse
if (msg->sadb_msg_len == 0)
break;
+ if (pledge("stdio", NULL) == -1)
+ err(1, "pledge");
+
rule = calloc(1, sizeof(struct ipsec_rule));
if (rule == NULL)
err(1, "ipsecctl_get_rules: calloc");
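Review bot: The pledge("stdio") inserted before the calloc is executed on every pass of the enclosing loop, since the `break` on sadb_msg_len just above it suggests this sits inside the per-message loop whose head is outside the hunk; re-pledging the same set each iteration is harmless but redundant, and the call is skipped entirely when the dump contains no messages. Hoisting it to just before the loop head would apply the restriction once and unconditionally. The error message should also follow the function-prefixed convention visible two lines below it, `err(1, "ipsecctl_get_rules: pledge");`. Whether the rest of ipsecctl_get_rules and its callers need only stdio afterwards (for instance no name lookups while printing rules) cannot be confirmed from this hunk. ipsecctl_get_rules begins and ends outside the hunk.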
@@ -739,6 +742,10 @@ ipsecctl_show_sas(int opts)
err(1, "ipsecctl_show_sas: malloc");
if (sysctl(mib, 5, buf, &need, NULL, 0) == -1)
err(1, "ipsecctl_show_sas: sysctl");
+
+ if (pledge("stdio", NULL) == -1)
+ err(1, "pledge");
+
sacount = 0;
lim = buf + need;
for (next = buf; next < lim;
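Review bot: The new `err(1, "pledge")` does not follow the function-prefixed message form the surrounding lines use, `err(1, "ipsecctl_show_sas: sysctl")`; for consistency write `err(1, "ipsecctl_show_sas: pledge");`. The placement after the second sysctl looks right, as the buffer is fully populated before the restriction and the loop beginning on the hunk's last line only walks it. That loop body and the printing it does are outside the hunk, so it cannot be confirmed here that they need nothing beyond stdio (e.g. no address resolution). ipsecctl_show_sas starts and ends outside the hunk.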
Index: pfkey.c
===================================================================
RCS file: /cvs/src/sbin/ipsecctl/pfkey.c,v
retrieving revision 1.63
diff -u -p -r1.63 pfkey.c
--- pfkey.c 22 Oct 2021 12:30:54 -0000 1.63
+++ pfkey.c 8 Oct 2023 22:16:59 -0000
@@ -1324,6 +1324,9 @@ pfkey_monitor(int opts)
if (pfkey_promisc() < 0)
return -1;
+ if (pledge("stdio", NULL) == -1)
+ err(1, "pledge");
+
pfd[0].fd = fd;
pfd[0].events = POLLIN;
for (;;) {
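Review bot: pfkey_monitor reports failure to its caller by returning -1, as the pfkey_promisc() check directly above the new lines does, but the new pledge check calls err(1, ...) and terminates the process instead; exiting is defensible since a failed pledge means the hardening was not applied, but mixing the two conventions inside one function should be deliberate, and if err() is kept pfkey.c must already include <err.h>, which the hunk does not show. The placement itself is sound: the pledge follows the promiscuous-mode setup on the socket and precedes a `pfd[0]` setup that only touches an already-open descriptor. The poll loop body that reads and prints messages runs past the hunk, so whether it needs only stdio cannot be confirmed here. pfkey_monitor begins outside the hunk.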