Hi,

dhclient(8)'s privileged process cannot be pledged yet due to some
route-related sysctl(2)s, but it seems it only needs to access two files. One is
/etc/resolv.conf with write/create permissions and saved_argv[0] (usually
/sbin/dhclient) with execute since we may receive a SIGHUP and it will need to
re-exec itself. We could go further and keep /etc/resolv.conf veiled if we
supersede both domain-name and domain-name-servers in the config file, but it
seems a bit overkill, and with the simple diff below I didn't have any
problems.

Comments? OK? Cluebat stick?

Index: dhclient.c
===================================================================
RCS file: /cvs/src/sbin/dhclient/dhclient.c,v
retrieving revision 1.581
diff -u -p -u -r1.581 dhclient.c
--- dhclient.c  4 Nov 2018 19:10:34 -0000       1.581
+++ dhclient.c  5 Nov 2018 12:02:51 -0000
@@ -2234,6 +2234,13 @@ fork_privchld(struct interface_info *ifi
        if ((routefd = socket(AF_ROUTE, SOCK_RAW, 0)) == -1)
                fatal("socket(AF_ROUTE, SOCK_RAW)");
 
+       if (unveil("/etc/resolv.conf", "wc") == -1)
+               fatal("unveil");
+       if (unveil(saved_argv[0], "x") == -1)
+               fatal("unveil");
+       if (unveil(NULL, NULL) == -1)
+               fatal("unveil");
+
        while (quit == 0) {
                pfd[0].fd = priv_ibuf->fd;
                pfd[0].events = POLLIN;
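Review bot: the unveil(saved_argv[0], "x") line only covers the path string dhclient was started with; if that is a bare name or a relative path, the path unveiled here (resolved against the privileged process's current directory at the time of the call) may not be the file the SIGHUP re-exec actually opens, so it is worth confirming that the re-exec path uses saved_argv[0] as-is rather than a PATH lookup, or unveiling the resolved absolute path instead. A smaller point: all three failure paths say fatal("unveil"), so a failure in the boot log does not tell you which call tripped; including the path in the message, e.g. fatal("unveil /etc/resolv.conf") and fatal("unveil %s", saved_argv[0]), makes that diagnosable.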
