summaryrefslogtreecommitdiff
path: root/usr.bin/crontab
diff options
context:
space:
mode:
authorFlorian Obser <florian@cvs.openbsd.org>2019-02-10 14:10:23 +0000
committerFlorian Obser <florian@cvs.openbsd.org>2019-02-10 14:10:23 +0000
commit2a77d36c6ce9a87d98a5c47f05643c8f03971708 (patch)
tree5c2497b8f67d462542c105f1592431b55bdc91d4 /usr.bin/crontab
parent67e00c4a05c04521c57f02c4ba8cdba58564a0c5 (diff)
Simplify trust anchor handling.
Open trust anchor file for reading and writing on startup and pass it to the frontend process. The frontend process seeks and truncates the file apropriately when writing out new trust anchors learned via DNS but never closes the file. On error the file is truncated to zero length. This is in turn handled on startup by switching to the built in trust anchor when no trustanchor can be read from disk. This side steps the need for an unveil'ed directory with "c" permission and also removes the wpath and cpath pledges from the parent process. deraadt@ pointed out that my previous design didn't make sense and I had confused myself along the way. (It did work, but was too complicated for no good reason). While here validate that we actually read a trust anchor from disk by trying to parse it and checking that it is a DNSKEY. Unfortunately ub_ctx_add_ta() accepts just any string as a trust anchor without any validation.
Diffstat (limited to 'usr.bin/crontab')
0 files changed, 0 insertions, 0 deletions