j...@wxcvbn.org (Jérémie Courrèges-Anglas) writes:
> So I took look at which pledge requests rtadvd could use.
>
> Turns out it can't call pledge early, because it attempts to retrieve
> IPV6CTL_FORWARDING and pledge currently denies it. rtadvd is the only
> user of IPV6CTL_FORWARDING in base, so IMO it doesn't call for a change
> in kern_pledge.c. There are other exotic setsockopt calls that would
> probably prevent early pledge calls.
>
> Another minor issue is that pidfile(3) installs an atexit(3) handler
> that calls unlink(2). It makes little sense to have rtadvd slaughtered
> when it tries to unlink /var/run/rtadvd.pid, especially as that path
> isn't reachable anymore (rtadvd runs privdrop, chrooted). And it makes
> little sense to add "cpath" to the pledge request, just to have rtadvd
> exit properly. Let's not just write down a pid file.
>
> Thus, this diff does two things:
> - remove the use of pidfile(3). rc.d doesn't need this.
> - introduce a single, minimal pledge(2) request just before the main
> loop
>
> I'll probably commit the pidfile() removal and the pledge request in
> separate commits.
>
> Comments / oks?
Woops, I forgot the manpage bits:
Index: Makefile
===================================================================
RCS file: /cvs/src/usr.sbin/rtadvd/Makefile,v
retrieving revision 1.6
diff -u -p -r1.6 Makefile
--- Makefile 21 Apr 2008 20:40:55 -0000 1.6
+++ Makefile 25 Oct 2015 19:35:27 -0000
@@ -4,8 +4,6 @@ PROG= rtadvd
SRCS= rtadvd.c rrenum.c advcap.c if.c config.c timer.c dump.c log.c
CFLAGS+=-Wall
-LDADD+= -lutil
-DPADD+= ${LIBUTIL}
MAN= rtadvd.8 rtadvd.conf.5
.include <bsd.prog.mk>
Index: rtadvd.8
===================================================================
RCS file: /cvs/src/usr.sbin/rtadvd/rtadvd.8,v
retrieving revision 1.31
diff -u -p -r1.31 rtadvd.8
--- rtadvd.8 2 Jun 2015 16:02:45 -0000 1.31
+++ rtadvd.8 25 Oct 2015 20:07:25 -0000
@@ -147,12 +147,9 @@ will transmit router advertisement with
to all the interfaces
.Pq in accordance with RFC 4861 6.2.5 .
.Sh FILES
-.Bl -tag -width "/var/run/rtadvd.pidXX" -compact
+.Bl -tag -width "/etc/rtadvd.conf" -compact
.It Pa /etc/rtadvd.conf
The default configuration file.
-.It Pa /var/run/rtadvd.pid
-Contains the PID of the currently running
-.Nm .
.El
.Sh EXIT STATUS
.Ex -std rtadvd
Index: rtadvd.c
===================================================================
RCS file: /cvs/src/usr.sbin/rtadvd/rtadvd.c,v
retrieving revision 1.55
diff -u -p -r1.55 rtadvd.c
--- rtadvd.c 20 Aug 2015 22:39:29 -0000 1.55
+++ rtadvd.c 25 Oct 2015 19:36:38 -0000
@@ -55,7 +55,6 @@
#include <err.h>
#include <errno.h>
#include <string.h>
-#include <util.h>
#include <pwd.h>
#include "rtadvd.h"
@@ -224,10 +223,6 @@ main(argc, argv)
sock_open();
- /* record the current PID */
- if (pidfile(NULL) < 0)
- log_warnx("failed to open the pid log file, run anyway.");
-
if (sflag == 0) {
rtsock_open();
}
@@ -242,6 +237,9 @@ main(argc, argv)
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
fatal("cannot drop privileges");
+
+ if (pledge("stdio inet route", NULL) == -1)
+ err(1, "pledge");
npfd = 1;
pfd[0].fd = sock;
--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
