author | Renato Westphal <renato@cvs.openbsd.org> | 2016-05-23 19:16:01 +0000 |
committer | Renato Westphal <renato@cvs.openbsd.org> | 2016-05-23 19:16:01 +0000 |
commit | 95732ab88a662f585b052bfcc9ff881f527464be (patch) | |
tree | e1e218e91d36803ac7bb9b512004a3f559686dcb /usr.sbin/ldpd/ldpe.c | |
parent | bc3c7ad34d2a73973e0297c7ee4641c521b50a95 (diff) |
Improve security by calling exec after fork.
For each child process (lde and ldpe), re-exec ldpd with a special
"per-role" getopt flag. This way we have seperate ASLR/cookies per
process.
Based on a similar patch for bgpd, from claudio@
Requested by deraadt@
Diffstat (limited to 'usr.sbin/ldpd/ldpe.c')
-rw-r--r-- | usr.sbin/ldpd/ldpe.c | 65 |
1 files changed, 29 insertions, 36 deletions
diff --git a/usr.sbin/ldpd/ldpe.c b/usr.sbin/ldpd/ldpe.c
index d2d1af291bb..53d4d79d8c4 100644
--- a/usr.sbin/ldpd/ldpe.c
+++ b/usr.sbin/ldpd/ldpe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ldpe.c,v 1.60 2016/05/23 19:14:03 renato Exp $ */
+/* $OpenBSD: ldpe.c,v 1.61 2016/05/23 19:16:00 renato Exp $ */
 
 /*
  * Copyright (c) 2013, 2016 Renato Westphal <renato@openbsd.org>
@@ -66,24 +66,15 @@ ldpe_sig_handler(int sig, short event, void *bula)
 /* label distribution protocol engine */
 pid_t
-ldpe(struct ldpd_conf *xconf, int pipe_parent2ldpe[2], int pipe_ldpe2lde[2],
- int pipe_parent2lde[2])
+ldpe(int debug, int verbose)
 {
- struct l2vpn *l2vpn;
 struct passwd *pw;
 struct event ev_sigint, ev_sigterm;
- pid_t pid;
 
- switch (pid = fork()) {
- case -1:
- fatal("cannot fork");
- case 0:
- break;
- default:
- return (pid);
- }
+ leconf = config_new_empty();
 
- leconf = xconf;
+ log_init(debug);
+ log_verbose(verbose);
 
 setproctitle("ldp engine");
 ldpd_process = PROC_LDP_ENGINE;
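Review bot: The return type `pid_t` on the line above `+ldpe(int debug, int verbose)` is now stale: the `fork()` switch and `return (pid)` are removed in this hunk, so the function no longer produces a pid and the type only survives from the old signature. Unless a later part of the function still returns one (its body runs past this hunk, and whether `ldpe_shutdown()` returns is not visible here), declaring it `void ldpe(int debug, int verbose)` with the matching prototype updated would make the new contract explicit. A one-line header comment such as `/* entry point of the re-exec'ed ldp engine child; never returns */` would also help, since the fork now happens in the parent rather than here.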
@@ -128,26 +119,11 @@ ldpe(struct ldpd_conf *xconf, int pipe_parent2ldpe[2], int pipe_ldpe2lde[2],
 signal(SIGPIPE, SIG_IGN);
 signal(SIGHUP, SIG_IGN);
 
- /* setup pipes */
- close(pipe_parent2ldpe[0]);
- close(pipe_ldpe2lde[1]);
- close(pipe_parent2lde[0]);
- close(pipe_parent2lde[1]);
-
- if ((iev_lde = malloc(sizeof(struct imsgev))) == NULL ||
- (iev_main = malloc(sizeof(struct imsgev))) == NULL)
+ /* setup pipe and event handler to the parent process */
+ if ((iev_main = malloc(sizeof(struct imsgev))) == NULL)
 fatal(NULL);
- imsg_init(&iev_lde->ibuf, pipe_ldpe2lde[0]);
- iev_lde->handler = ldpe_dispatch_lde;
- imsg_init(&iev_main->ibuf, pipe_parent2ldpe[1]);
+ imsg_init(&iev_main->ibuf, 3);
 iev_main->handler = ldpe_dispatch_main;
-
- /* setup event handler */
- iev_lde->events = EV_READ;
- event_set(&iev_lde->ev, iev_lde->ibuf.fd, iev_lde->events,
- iev_lde->handler, iev_lde);
- event_add(&iev_lde->ev, NULL);
-
 iev_main->events = EV_READ;
 event_set(&iev_main->ev, iev_main->ibuf.fd, iev_main->events,
 iev_main->handler, iev_main);
@@ -174,10 +150,6 @@ ldpe(struct ldpd_conf *xconf, int pipe_parent2ldpe[2], int pipe_ldpe2lde[2],
 if ((pkt_ptr = calloc(1, IBUF_READ_SIZE)) == NULL)
 fatal(__func__);
 
- /* create targeted neighbors for l2vpn pseudowires */
- LIST_FOREACH(l2vpn, &leconf->l2vpn_list, entry)
- ldpe_l2vpn_init(l2vpn);
-
 event_dispatch();
 
 ldpe_shutdown();
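Review bot: `imsg_init(&iev_main->ibuf, 3);` hard-codes the descriptor number without recording where it comes from; per the commit message the parent's pipe end is evidently meant to survive the re-exec as fd 3, but nothing in this hunk states or verifies that. A comment such as `/* fd 3 is the imsg socket to the parent, inherited across exec */`, or a named constant shared with the parent's exec path, would make the contract explicit. It would also be worth failing early when the descriptor is not open, e.g. `if (fcntl(3, F_GETFD) == -1) fatal("no socket to parent");` (fcntl(2) from <fcntl.h>), so that an ldpd started by hand with the role flag stops here instead of proceeding with a dead imsg channel. The enclosing function ldpe() starts in the previous hunk and continues past this one.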
@@ -308,6 +280,27 @@ ldpe_dispatch_main(int fd, short event, void *bula)
 if_addr_del(imsg.data);
 break;
+ case IMSG_SOCKET_IPC:
+ if (iev_lde) {
+ log_warnx("%s: received unexpected imsg fd "
+ "to lde", __func__);
+ break;
+ }
+ if ((fd = imsg.fd) == -1) {
+ log_warnx("%s: expected to receive imsg fd to "
+ "lde but didn't receive any", __func__);
+ break;
+ }
+
+ if ((iev_lde = malloc(sizeof(struct imsgev))) == NULL)
+ fatal(NULL);
+ imsg_init(&iev_lde->ibuf, fd);
+ iev_lde->handler = ldpe_dispatch_lde;
+ iev_lde->events = EV_READ;
+ event_set(&iev_lde->ev, iev_lde->ibuf.fd,
+ iev_lde->events, iev_lde->handler, iev_lde);
+ event_add(&iev_lde->ev, NULL);
+ break;
 case IMSG_CLOSE_SOCKETS:
 af = imsg.hdr.peerid; |
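Review bot: In the `if (iev_lde)` branch the descriptor carried by the message is logged as unexpected and then abandoned: `imsg.fd` has already been received over the socket, so breaking without closing it leaks one open descriptor into the engine for every such message. Close it before the break, e.g. `if (imsg.fd != -1) close(imsg.fd);`. Assigning into the function parameter in `if ((fd = imsg.fd) == -1)` also reads oddly: if `fd` is not otherwise used by ldpe_dispatch_main() after this point (not visible here), a dedicated local would make it clear that this is the lde socket and not the parent's. ldpe_dispatch_main() begins and ends outside this hunk.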