Hi Stuart,

Great :) I have tested -y/-Y myself and didn't have any issues, but would like some more people to give it a go to ensure this is not committed without proper validation.

On 10/12/2015 17:26, Stuart Henderson wrote:
> On 2015/12/02 12:14, Ricardo Mestre wrote:
>> Hi tech@
>>
>> This is a revised version of pledging dhcpd(8) with earlier pledging.
>>
>> Hoist up sync_init() due to a multicast setsockopt(2) (IP_MULTICAST_TTL) that
>> pledge doesn't allow, also hoist up the daemon(3) section, getpwnam(3) and the
>> check if arguments -A, -C or -L were used (pf table handling) since it calls
>> 2 ioctl(2)'s that pledge pf doesn't allow.
>>
>> After this if !udpsockmode then apply the following annotations:
>>
>> "rpath":
>>     icmp_startup()->getprotobyname(3)->read /etc/protocols
>> "inet":
>>     icmp_startup()->socket(2)
>> "sendfd":
>>     for sendmsg(2) in ICMP echo request
>> "proc/id"
>>     chroot(2) and privdrop section
>>
>> If in udpsockmode then the pledge needs to happen inside udpsock_startup()
>> instead of main() since setsockopt(2) IP_RECVIF is not allowed by pledge. After
>> that happens then apply the same pledge with the annotations above, although
>> additionally this code path also needs "route" for ioctl(2) SIOCGIFADDR.
>>
>> Just before the main loop of the program then it can drop to "stdio inet route
>> sendfd" if in udpsockmode or else just to "stdio inet sendfd".
>>
>> Any comments with this implementation? Specifically for the UDP code path since
>> I don't have at the moment a way to test DHCPINFORM requests on non Ethernet
>> packets?
>
> Works for me in normal usage, and I've tested the UDP code path using
> dhcping to localhost.
>
> I haven't tested -y/-Y or the PF table support.
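
The two-stage pledge described in the quoted mail only works if the first promise set already contains everything the main loop keeps, because a later pledge(2) call can reduce promises but never regain them (EPERM). The following is an added example, not part of the thread or of dhcpd's source: it models that subset rule in portable C without calling pledge(2). The function names and the presence of "stdio" in the first stage are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if the promise word `w` (length n) occurs in the list `set`. */
static int has_promise(const char *set, const char *w, size_t n)
{
    while (*set) {
        size_t len = strcspn(set, " ");
        if (len == n && memcmp(set, w, n) == 0)
            return 1;
        set += len;
        set += strspn(set, " ");
    }
    return 0;
}

/* Return 1 if every promise in `next` is already held in `cur`,
 * i.e. a second pledge(2) with `next` would only narrow, not widen. */
int can_narrow(const char *cur, const char *next)
{
    next += strspn(next, " ");
    while (*next) {
        size_t len = strcspn(next, " ");
        if (!has_promise(cur, next, len))
            return 0;
        next += len;
        next += strspn(next, " ");
    }
    return 1;
}

/* First-stage promises from the mail; "stdio" here is an assumption. */
const char *stage1(int udpsockmode)
{
    return udpsockmode ? "stdio rpath inet sendfd proc id route"
                       : "stdio rpath inet sendfd proc id";
}

/* Promises kept for the main loop, as stated in the mail. */
const char *stage2(int udpsockmode)
{
    return udpsockmode ? "stdio inet route sendfd" : "stdio inet sendfd";
}

int main(void)
{
    for (int m = 0; m <= 1; m++)
        printf("udpsockmode=%d: \"%s\" -> \"%s\": %s\n", m, stage1(m),
            stage2(m), can_narrow(stage1(m), stage2(m)) ? "ok" : "EPERM");
    return 0;
}
```

Pairing the non-UDP first stage with the UDP main-loop set fails the check, since "route" was never promised on that path.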