On Sun, Oct 29, 2023 at 11:17:09AM +0000, Klemens Nanni wrote:
> Regular mode uses "stdio rpath inet dns proc"; "proc" to fork a child
> (no exec) unless '--debug nofork' or '--debug nodetach' is set.
>
> --inetd uses "stdio rpath".
>
> --pp requires "proc exec" to run, e.g. cpp(1) on the config file which
> which gets reloaded on SIGHUP: started with --pp means "proc exec" stay.
>
>
> "wpath cpath" are for log and/or pid files and dropped after setup.
> "getpw id" are for intitial privilege drop and dropped after setup.
>
> Works nicely for me with a config like our example.
> Tested with inetd.conf(5)
> [::1]:2628 stream tcp6 nowait root /usr/local/sbin/dictd dictd -i
>
> Pledges could perhaps start tighter and avoid later dropping, but too
> many nested `if (option-used)' levels make the code harder to follow, imho.
>
> Feedback? Objection? OK?
Rebased diff after Makefile changes.
Tests still pass with pledge.
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/dictd/Makefile,v
diff -u -p -r1.22 Makefile
--- Makefile 29 Oct 2023 16:55:58 -0000 1.22
+++ Makefile 29 Oct 2023 17:03:00 -0000
@@ -7,7 +7,7 @@ DISTNAME= dictd-$V
PKGNAME-main= dictd-client-$V
PKGNAME-server= dictd-server-$V
REVISION-main= 3
-REVISION-server=2
+REVISION-server=3
CATEGORIES= net education
@@ -17,6 +17,8 @@ MAINTAINER= Klemens Nanni <kn@openbsd.or
# GPL v2
PERMIT_PACKAGE= Yes
+
+# uses pledge()
WANTLIB= c maa z
SITES= ${SITE_SOURCEFORGE:=dict/}
Index: patches/patch-dictd_c
===================================================================
RCS file: /cvs/ports/net/dictd/patches/patch-dictd_c,v
diff -u -p -r1.1 patch-dictd_c
--- patches/patch-dictd_c 27 Oct 2023 18:51:10 -0000 1.1
+++ patches/patch-dictd_c 29 Oct 2023 17:03:00 -0000
@@ -1,9 +1,18 @@
-use dedicated _dictd user/group
+- use dedicated _dictd user/group
+- use pledge(2)
Index: dictd.c
--- dictd.c.orig
+++ dictd.c
-@@ -1269,9 +1272,9 @@ static void release_root_privileges( void )
+@@ -37,6 +37,7 @@
+ #include <ctype.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>
++#include <unistd.h> /* pledge */
+
+ #define MAXPROCTITLE 2048 /* Maximum amount of proc title we'll use. */
+ #undef MIN
+@@ -1269,9 +1270,9 @@ static void release_root_privileges( void )
if (geteuid() == 0) {
struct passwd *pwd;
@@ -15,3 +24,67 @@ Index: dictd.c
setuid(pwd->pw_uid);
} else if ((pwd = getpwnam("nobody"))) {
setgid(pwd->pw_gid);
+@@ -1664,6 +1665,17 @@ int main (int argc, char **argv, char **envp)
+ default: help(); exit(0); break;
+ }
+
++#ifdef __OpenBSD__
++ /* no need for "inet dns" when talking to inetd(8) over stdin/out */
++ if (inetd) {
++ if (pledge("stdio rpath wpath cpath getpw proc exec id", NULL) == -1)
++ err_fatal_errno(__func__, "pledge");
++ } else {
++ if (pledge("stdio rpath wpath cpath inet dns getpw proc exec id", NULL) == -1)
++ err_fatal_errno(__func__, "pledge");
++ }
++
No comments:
Post a Comment