On 2019/05/22 14:12, Ricardo Mestre wrote:
> Hi,
> 
> unbound-checkconf(8) needs to chdir(2) and then open(2) the config file and
> to call getpwnam(3). This means it needs to pledge for rpath and getpw, but
> after calling getpwnam(3) the config file was already loaded so we can drop
> both promises afterwards.
> 
> Comments? OK?
> 
> Index: unbound-checkconf.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/unbound/smallapp/unbound-checkconf.c,v
> retrieving revision 1.11
> diff -u -p -u -r1.11 unbound-checkconf.c
> --- unbound-checkconf.c       8 Feb 2019 10:29:08 -0000       1.11
> +++ unbound-checkconf.c       22 May 2019 12:49:12 -0000
> @@ -588,6 +588,10 @@ morechecks(struct config_file* cfg)
>  #  endif
>       }
>  #endif
> +
> +     if (pledge("stdio", NULL) == -1)
> +             fatal_exit("Could not pledge");
> +
>       if(cfg->remote_control_enable && options_remote_is_address(cfg)
>               && cfg->control_use_cert) {
>               check_chroot_string("server-key-file", &cfg->server_key_file,
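
Review bot: pledge("stdio", NULL) is placed directly above the remote_control_enable block in morechecks(), but the check_chroot_string("server-key-file", ...) call that follows it still needs filesystem access. The backtrace in the reply shows that call reaching is_file() and stat(), where the process is killed for the missing "rpath" promise. Move the drop to after the file checks in this block, or narrow here only to pledge("stdio rpath", NULL), which still drops "getpw".
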
> @@ -724,6 +728,10 @@ int main(int argc, char* argv[])
>       if(argc == 1)
>               f = argv[0];
>       else    f = cfgfile;
> +
> +     if (pledge("stdio rpath getpw", NULL) == -1)
> +             fatal_exit("Could not pledge");
> +
>       checkconf(f, opt, final);
>       checklock_stop();
>       return 0;
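
Review bot: fatal_exit("Could not pledge") in main() uses the same string as the call added in morechecks() and reports no errno, so a failure cannot be attributed to one call site or to a cause. Give each call a distinct message and include strerror(errno). As a style point, the added lines write "if (pledge(" with a space after "if", while the surrounding code writes "if(argc == 1)".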

Not ok - if you're using remote-control with certificates (for example,
to control remote unbound instances over a network connection) it hits the
following:

unbound-checkcon[21086]: pledge "rpath", syscall 38

(gdb) bt
#0  stat () at -:3
#1  0x000004da8ddd61dc in is_file (fname=0x4dd11e9e3c0 "/var/unbound/etc/unbound_server.key")
    at /usr/src/usr.sbin/unbound/smallapp/unbound-checkconf.c:278
#2  0x000004da8ddd5f10 in check_chroot_string (desc=0x4da8dda7c5d "server-key-file", ss=0x4dca3ee33d0,
    chrootdir=0x0, cfg=0x4dca3ee3000) at /usr/src/usr.sbin/unbound/smallapp/unbound-checkconf.c:335
#3  0x000004da8ddd5114 in morechecks (cfg=0x4dca3ee3000)
    at /usr/src/usr.sbin/unbound/smallapp/unbound-checkconf.c:597
#4  0x000004da8ddd4776 in checkconf (cfgfile=0x4da8dda9506 "/var/unbound/etc/unbound.conf", opt=0x0, final=0)
    at /usr/src/usr.sbin/unbound/smallapp/unbound-checkconf.c:674
#5  0x000004da8ddd44e2 in main (argc=0, argv=0x7f7ffffd1850)
    at /usr/src/usr.sbin/unbound/smallapp/unbound-checkconf.c:735
