author | Florian Obser <florian@cvs.openbsd.org> | 2019-06-16 19:49:14 +0000 |
---|---|---|
committer | Florian Obser <florian@cvs.openbsd.org> | 2019-06-16 19:49:14 +0000 |
commit | ae4e0bc7bbf947e8ac05f345ded904544bdc74ed (patch) | |
tree | ec6eff19a378993249df66e8176d23f81280e32c /usr.sbin/acme-client/chngproc.c | |
parent | 52f19d28350e8cb4cf29b8e5ff0df5a5a7a7a341 (diff) |
Trade unveil(2) for chroot(2).
This uses less code and unveil(2) seems to be the better tool here.
The directory one chroots into needs to be carefully set up (they are
not) and common wisdom is that root can break out of chroots.
There is probably nothing wrong with the chroot code because of pledge
but it still makes me feel uneasy.
input & OK on previous version mestre
OK on previous version deraadt
bug found, input & OK benno
Diffstat (limited to 'usr.sbin/acme-client/chngproc.c')
-rw-r--r-- | usr.sbin/acme-client/chngproc.c | 28 |
1 files changed, 15 insertions, 13 deletions
diff --git a/usr.sbin/acme-client/chngproc.c b/usr.sbin/acme-client/chngproc.c
index 218b608000d..8b255647bed 100644
--- a/usr.sbin/acme-client/chngproc.c
+++ b/usr.sbin/acme-client/chngproc.c
@@ -1,4 +1,4 @@
-/* $Id: chngproc.c,v 1.13 2019/04/01 04:18:54 naddy Exp $ */
+/* $Id: chngproc.c,v 1.14 2019/06/16 19:49:13 florian Exp $ */
 /*
 * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
 *
@@ -36,14 +36,12 @@ chngproc(int netsock, const char *root)
 enum chngop op;
 void *pp;

- if (chroot(root) == -1) {
- warn("chroot");
- goto out;
- }
- if (chdir("/") == -1) {
- warn("chdir");
+
+ if (unveil(root, "wc") == -1) {
+ warn("unveil");
 goto out;
 }
+
 if (pledge("stdio cpath wpath", NULL) == -1) {
 warn("pledge");
 goto out;
@@ -80,6 +78,11 @@ chngproc(int netsock, const char *root)
 else if ((tok = readstr(netsock, COMM_TOK)) == NULL)
 goto out;

+ if (asprintf(&fmt, "%s.%s", tok, th) == -1) {
+ warn("asprintf");
+ goto out;
+ }
+
 /* Vector appending... */

 pp = reallocarray(fs, (fsz + 1), sizeof(char *));
@@ -88,14 +91,13 @@ chngproc(int netsock, const char *root)
 goto out;
 }
 fs = pp;
- fs[fsz] = tok;
- tok = NULL;
- fsz++;
-
- if (asprintf(&fmt, "%s.%s", fs[fsz - 1], th) == -1) {
+ if (asprintf(&fs[fsz], "%s/%s", root, tok) == -1) {
 warn("asprintf");
 goto out;
 }
+ fsz++;
+ free(tok);
+ tok = NULL;

 /*
 * Create and write to our challenge file.
@@ -121,7 +123,7 @@ chngproc(int netsock, const char *root)
 free(fmt);
 th = fmt = NULL;

- dodbg("%s/%s: created", root, fs[fsz - 1]);
+ dodbg("%s: created", fs[fsz - 1]);

 /*
 * Write our acknowledgement. |
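Review bot: In the `@@ -36,14 +36,12 @@` hunk nothing records that the unveil list is sealed by the following `pledge("stdio cpath wpath", NULL)`, which omits the "unveil" promise. That call is now what stands in for the chroot boundary, so a comment above it such as `/* no "unveil" promise: the unveil list is locked from here on */` would keep a later edit from adding the promise back without noticing the effect. As a smaller style point, the added blank line after `void *pp;` leaves two consecutive blank lines before the `unveil` call. The body of `chngproc` continues outside the hunk.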
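Review bot: In the `@@ -88,14 +91,13 @@` hunk `tok`, which is read from `netsock` earlier in the loop, is joined to `root` with `"%s/%s"` with no visible check that it is a single path component. Under chroot the kernel kept any such name inside the directory; after this change that guarantee rests only on the `unveil(root, "wc")` rule. If the token is not already validated by the sending process (not visible here), rejecting it before the path is built would give a second line of defence, for example `if (strchr(tok, '/') != NULL) { warnx("bad token"); goto out; }`. The surrounding loop and the `out:` cleanup are outside the hunk.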