From de24a130308eec10d03bb92478730476392c3e86 Mon Sep 17 00:00:00 2001
From: remi
Date: Sun, 4 Nov 2018 07:52:56 +0000
Subject: Pledge ripe and rde. Use unveil to remove file system access for the parent proc. Also remove control_cleanup as discussed on tech@. It allows to fully remove fs access (ripd does not support reload). It's not an issue for ripd and ripctrl if an unused socket file is lying around. reads OK for claudio@ and mestre@
---
 usr.sbin/ripd/control.c | 10 +---------
 usr.sbin/ripd/control.h | 3 +--
 usr.sbin/ripd/rde.c | 5 ++++-
 usr.sbin/ripd/ripd.c | 8 ++++++--
 usr.sbin/ripd/ripe.c | 5 ++++-
 5 files changed, 16 insertions(+), 15 deletions(-)
 (limited to 'usr.sbin')
diff --git a/usr.sbin/ripd/control.c b/usr.sbin/ripd/control.c
index a36e65c40e1..c36818bad2e 100644
--- a/usr.sbin/ripd/control.c
+++ b/usr.sbin/ripd/control.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: control.c,v 1.25 2017/01/17 22:10:56 krw Exp $ */
+/* $OpenBSD: control.c,v 1.26 2018/11/04 07:52:55 remi Exp $ */
 /*
 * Copyright (c) 2003, 2004 Henning Brauer
@@ -100,14 +100,6 @@ control_listen(void)
 return (0);
 }
-void
-control_cleanup(char *path)
-{
- event_del(&control_state.ev);
- event_del(&control_state.evt);
- unlink(path);
-}
-
 /* ARGSUSED */
 void
 control_accept(int listenfd, short event, void *bula)
diff --git a/usr.sbin/ripd/control.h b/usr.sbin/ripd/control.h
index 98df4ee5645..5b443693bad 100644
--- a/usr.sbin/ripd/control.h
+++ b/usr.sbin/ripd/control.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: control.h,v 1.5 2016/08/02 16:05:32 jca Exp $ */
+/* $OpenBSD: control.h,v 1.6 2018/11/04 07:52:55 remi Exp $ */
 /*
 * Copyright (c) 2003, 2004 Henning Brauer
@@ -39,6 +39,5 @@ int control_listen(void);
 void control_accept(int, short, void *);
 void control_dispatch_imsg(int, short, void *);
 int control_imsg_relay(struct imsg *);
-void control_cleanup(char *);
 #endif /* _CONTROL_H_ */
diff --git a/usr.sbin/ripd/rde.c b/usr.sbin/ripd/rde.c
index 61085344060..73e15bfa130 100644
--- a/usr.sbin/ripd/rde.c
+++ b/usr.sbin/ripd/rde.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rde.c,v 1.21 2016/09/03 10:28:08 renato Exp $ */
+/* $OpenBSD: rde.c,v 1.22 2018/11/04 07:52:55 remi Exp $ */
 /*
 * Copyright (c) 2006 Michele Marchetto
@@ -109,6 +109,9 @@ rde(struct ripd_conf *xconf, int pipe_parent2rde[2], int pipe_ripe2rde[2],
 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
 fatal("can't drop privileges");
+ if (pledge("stdio", NULL) == -1)
+ fatal("pledge");
+
 event_init();
 /* setup signal handler */
diff --git a/usr.sbin/ripd/ripd.c b/usr.sbin/ripd/ripd.c
index 1450973d9bd..4287fcf4f8c 100644
--- a/usr.sbin/ripd/ripd.c
+++ b/usr.sbin/ripd/ripd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ripd.c,v 1.30 2016/09/03 10:28:08 renato Exp $ */
+/* $OpenBSD: ripd.c,v 1.31 2018/11/04 07:52:55 remi Exp $ */
 /*
 * Copyright (c) 2006 Michele Marchetto
@@ -211,6 +211,11 @@ main(int argc, char *argv[])
 rde_pid = rde(conf, pipe_parent2rde, pipe_ripe2rde, pipe_parent2ripe);
 ripe_pid = ripe(conf, pipe_parent2ripe, pipe_ripe2rde, pipe_parent2rde);
+ if (unveil("/", "") == -1)
+ fatal("unveil");
+ if (unveil(NULL, NULL) == -1)
+ fatal("unveil");
+
 event_init();
 /* setup signal handler */
@@ -276,7 +281,6 @@ ripd_shutdown(void)
 if_del(i);
 }
- control_cleanup(conf->csock);
 kr_shutdown();
 log_debug("waiting for children to terminate");
diff --git a/usr.sbin/ripd/ripe.c b/usr.sbin/ripd/ripe.c
index 2a10c003387..d83901e245f 100644
--- a/usr.sbin/ripd/ripe.c
+++ b/usr.sbin/ripd/ripe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ripe.c,v 1.22 2016/09/03 10:28:08 renato Exp $ */
+/* $OpenBSD: ripe.c,v 1.23 2018/11/04 07:52:55 remi Exp $ */
 /*
 * Copyright (c) 2006 Michele Marchetto
@@ -196,6 +196,9 @@ ripe(struct ripd_conf *xconf, int pipe_parent2ripe[2], int pipe_ripe2rde[2],
 iface->name);
 }
+ if (pledge("stdio inet mcast", NULL) == -1)
+ fatal("pledge");
+
 evtimer_set(&oeconf->report_timer, report_timer, oeconf);
 start_report_timer();
--
cgit v1.2.3
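Review bot: In rde() of usr.sbin/ripd/rde.c, the new `pledge("stdio", NULL)` has no comment saying why `stdio` alone is enough, and a promise that proves too narrow on a rarely taken path (shutdown, error handling) aborts the route decision engine instead of returning an error. I would add `/* rde only uses the already-open imsg pipes from here on */` above the call, assuming that matches the rest of rde(), whose body starts and ends outside the hunk. The placement after `setresuid()` looks right, since the privilege drop itself would not be permitted under `stdio`. The same comment gap applies to the pledge added in ripe.c.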
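Review bot: In main() of usr.sbin/ripd/ripd.c, both new unveil calls fail with the same `fatal("unveil")`, so a log line cannot tell the `unveil("/", "")` failure from the locking `unveil(NULL, NULL)` failure; distinct literals such as `fatal("unveil /")` and `fatal("unveil lock")` would fix that. A short comment is also worth adding, e.g. `/* parent needs no filesystem access from here; ripd has no reload */`, because the reason the empty permission string is safe is recorded only in the commit message. unveil restricts path lookups only, so the parent still has every system call available; if pledging the parent was considered and rejected, the same comment should say so. main() continues outside the hunk, so anything later that opens a path should be checked against this restriction.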
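Review bot: In ripe() of usr.sbin/ripd/ripe.c, the promise string `"stdio inet mcast"` has no `unix` entry, although ripe presumably keeps serving the AF_UNIX control socket through control_accept() (visible as context in the control.c hunk). I believe accepting on an already-listening socket is allowed under `inet`, but that path should be confirmed by running the control client against a pledged ripe, since a violation aborts the process. A comment such as `/* all sockets are open; inet/mcast for RIP traffic, control socket already listening */` would record the assumption. The pledge sits after an interface loop whose start is outside the hunk, so I cannot see whether every socket is created before it.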