author | Florian Obser <florian@cvs.openbsd.org> | 2015-11-05 18:00:44 +0000 |
---|---|---|
committer | Florian Obser <florian@cvs.openbsd.org> | 2015-11-05 18:00:44 +0000 |
commit | 1787cb6e46c9d037e13d27850a09cb864ddfd70b (patch) | |
tree | 017d3359f22cd3c69d7f732558c203fe1c5e1dd5 | |
parent | 6d8e2cbbfe104331c205f997df064c0eff73e584 (diff) |
pledge(2) for httpd.
1) The main process listens on sockets and accepts connections. It
creates and opens log files, creates and kills child processes. On
start up and on receiving a HUP signal it parses the configuration. It
passes on file descriptors for logging or requests to its children.
2) The logger process writes log messages to a file descriptor passed
in from the main process.
3) The server process reads the request from a file descriptor passed
in from the main process. It reads a file or creates a directory index
to send a response.
Additionally this process handles fastcgi requests. It connects to
AF_UNIX, AF_INET or AF_INET6 sockets. A re-factoring might make it
possible to drop the additional fastcgi privileges when only static
files are served.
with deraadt@ some time ago
prodding & OK deraadt@
tweaks and OK reyk@
-rw-r--r-- | usr.sbin/httpd/httpd.c | 6 | ||||
-rw-r--r-- | usr.sbin/httpd/logger.c | 5 | ||||
-rw-r--r-- | usr.sbin/httpd/server.c | 5 |
3 files changed, 13 insertions, 3 deletions
diff --git a/usr.sbin/httpd/httpd.c b/usr.sbin/httpd/httpd.c index 36c36741317..dee51a23f07 100644 --- a/usr.sbin/httpd/httpd.c +++ b/usr.sbin/httpd/httpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: httpd.c,v 1.45 2015/10/31 10:10:44 jung Exp $ */ +/* $OpenBSD: httpd.c,v 1.46 2015/11/05 18:00:43 florian Exp $ */ /* * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org> @@ -247,6 +247,10 @@ main(int argc, char *argv[]) setproctitle("parent"); + if (pledge("stdio rpath wpath cpath inet proc ioctl sendfd", + NULL) == -1) + fatal("pledge"); + event_init(); signal_set(&ps->ps_evsigint, SIGINT, parent_sig_handler, ps); diff --git a/usr.sbin/httpd/logger.c b/usr.sbin/httpd/logger.c index 4d3b741e7b6..8ed55576602 100644 --- a/usr.sbin/httpd/logger.c +++ b/usr.sbin/httpd/logger.c @@ -1,4 +1,4 @@ -/* $OpenBSD: logger.c,v 1.13 2015/08/20 13:00:23 reyk Exp $ */ +/* $OpenBSD: logger.c,v 1.14 2015/11/05 18:00:43 florian Exp $ */ /* * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org> @@ -70,6 +70,9 @@ logger_shutdown(void) void logger_init(struct privsep *ps, struct privsep_proc *p, void *arg) { + if (pledge("stdio recvfd", NULL) == -1) + fatal("pledge"); + if (config_init(ps->ps_env) == -1) fatal("failed to initialize configuration"); diff --git a/usr.sbin/httpd/server.c b/usr.sbin/httpd/server.c index 78fee8cd435..f50aa1b2f4d 100644 --- a/usr.sbin/httpd/server.c +++ b/usr.sbin/httpd/server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server.c,v 1.80 2015/09/11 13:21:09 jsing Exp $ */ +/* $OpenBSD: server.c,v 1.81 2015/11/05 18:00:43 florian Exp $ */ /* * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> @@ -244,6 +244,9 @@ server_init(struct privsep *ps, struct privsep_proc *p, void *arg) /* Unlimited file descriptors (use system limits) */ socket_rlimit(-1); + if (pledge("stdio rpath inet unix recvfd", NULL) == -1) + fatal("pledge"); + #if 0 /* Schedule statistics timer */ evtimer_set(&env->sc_statev, server_statistics, NULL); |
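Review bot: In httpd.c main(), the promise string has no `dns`, yet the commit message says the parent re-parses the configuration on HUP, which now runs after this pledge() call. If the parser resolves host names for listen addresses (not visible in this hunk, so to be confirmed), a reload would trigger a pledge violation and abort the parent instead of returning a parse error. Either confirm that everything reachable from the reload handler fits in these promises, or extend the string, e.g. `"stdio rpath wpath cpath inet dns proc ioctl sendfd"`. A short comment above the call saying which operation needs each promise (log file creation for `wpath cpath`, child management for `proc`) would make later tightening safer. main() starts and continues outside the hunk.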
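Review bot: In server.c server_init(), nothing records that the pledge() call has to stay below `socket_rlimit(-1)`. Assuming that helper raises the descriptor limit with setrlimit(2), which `stdio rpath inet unix recvfd` would not be expected to permit, a later refactor that moves the pledge earlier would abort the server process at start-up. I would add a comment above the call such as `/* pledge only after socket_rlimit(): the fd limit cannot be raised afterwards */`. server_init() starts and continues outside the hunk.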