Yep.
It is possible we need a better strategy --- like placing *all* original
argv in the [priv] title.
trondd <trondd@kagu-tsuchi.com> wrote:
> Stuart Henderson <stu@spacehopper.org> wrote:
>
> > On 2020-12-07, Harald Dunkel <harri@afaics.de> wrote:
> > > About the PIDs: Maybe a systctl like
> > >
> > > kernel.pid_max = 4194303
> > >
> > > known from other OSes could help to reduce the risk for PID conflicts.
> >
> > This doesn't help if you actually want reliability, rather than just
> > "reliable most of the time".
> >
> > There were also some concerns about what software would do with long
> > PIDs - even on a very basic level that adds another couple of columns
> > to top(1) output.
> >
> > > If you store the PID files on a volatile file system, so you can be sure
> > > they are gone on the next reboot, anyway.
> >
> > /var/run is cleared at boot anyway - the problem is pid reuse during
> > uptime of the system.
> >
> > One can check that the new pid is owned by a process of the correct name
> > - but then the problem returns, the process name doesn't have enough
> > information to uniquely identify it. And if that is fixed there's no
> > need to save the pid.
> >
> > So if there's a problem to be fixed, it is to get the information into
> > the other process string..
>
> I think the user is looking for something like this. Putting the interface
> name in the process title.
>
> Mabe this doesn't work for this use case or there is some other fallout.
> And there may be other tweaks needed to support it, I don't have a dog in the
> fight to go find them, though.
>
> Tim.
>
>
> Index: etc/rc.d/pflogd
> ===================================================================
> RCS file: /cvs/src/etc/rc.d/pflogd,v
> retrieving revision 1.3
> diff -u -p -r1.3 pflogd
> --- etc/rc.d/pflogd 11 Jan 2018 19:52:12 -0000 1.3
> +++ etc/rc.d/pflogd 7 Dec 2020 18:08:23 -0000
> @@ -6,7 +6,7 @@ daemon="/sbin/pflogd"
>
> . /etc/rc.d/rc.subr
>
> -pexp="pflogd: \[priv\]"
> +pexp="pflogd: \[priv\].*"
>
> rc_pre() {
> if pfctl -si | grep -q Enabled; then
> Index: sbin/pflogd/privsep.c
> ===================================================================
> RCS file: /cvs/src/sbin/pflogd/privsep.c,v
> retrieving revision 1.34
> diff -u -p -r1.34 privsep.c
> --- sbin/pflogd/privsep.c 27 Nov 2019 17:49:09 -0000 1.34
> +++ sbin/pflogd/privsep.c 7 Dec 2020 18:08:45 -0000
> @@ -131,7 +131,7 @@ priv_init(int Pflag, int argc, char *arg
> signal(SIGINT, sig_pass_to_chld);
> signal(SIGQUIT, sig_pass_to_chld);
>
> - setproctitle("[priv]");
> + setproctitle("[priv] %s", interface);
>
> if (unveil(_PATH_RESCONF, "r") == -1)
> err(1, "unveil");
>
No comments:
Post a Comment