diff options
| author | remi <remi@cvs.openbsd.org> | 2018-10-29 22:13:34 +0000 |
|---|---|---|
| committer | remi <remi@cvs.openbsd.org> | 2018-10-29 22:13:34 +0000 |
| commit | 87e3b47db8a6939d760727d7fccff7f833fbbfb4 (patch) | |
| tree | 62c978556b739aaf313c7cd9eee928d60a4229ca /usr.sbin | |
| parent | 242f3b0bf2660ef222f6cc9511273ed070914ab1 (diff) | |
The parent process of ospfd is not supposed to write or execute files.
Unveil "/" readonly and allow to cleanup the control socket on exit.
Just unveiling ospfd.conf is not possible since it can contain an arbitrary
number of includes.
ok benno@
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/ospfd/ospfd.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/usr.sbin/ospfd/ospfd.c b/usr.sbin/ospfd/ospfd.c index df80b65733e..8052ab49394 100644 --- a/usr.sbin/ospfd/ospfd.c +++ b/usr.sbin/ospfd/ospfd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ospfd.c,v 1.100 2018/08/29 08:43:17 remi Exp $ */ +/* $OpenBSD: ospfd.c,v 1.101 2018/10/29 22:13:33 remi Exp $ */ /* * Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org> @@ -278,6 +278,13 @@ main(int argc, char *argv[]) fatalx("control socket setup failed"); main_imsg_compose_ospfe_fd(IMSG_CONTROLFD, 0, control_fd); + if (unveil("/", "r") == -1) + fatal("unveil"); + if (unveil(ospfd_conf->csock, "c") == -1) + fatal("unveil"); + if (unveil(NULL, NULL) == -1) + fatal("unveil"); + if (kr_init(!(ospfd_conf->flags & OSPFD_FLAG_NO_FIB_UPDATE), ospfd_conf->rdomain, ospfd_conf->redist_label_or_prefix) == -1) fatalx("kr_init failed"); |