any comments on the pledge(2) side of things?
On 14:12 Thu 08 Jul , Ricardo Mestre wrote:
> my eyes may be tricking me, but it looks like the main proc doesn't speak with
> sockets during the main loop and setpriority plus privdrop at this point are
> all set and done so pledge("inet id") are not required.
>
> I have it running for a couple of hours now without issues so far so is this
> change also OK?
>
> whole diff included, but if this is also OK I'll split them in 2 commits.
>
> Index: ntpd.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/ntpd/ntpd.c,v
> retrieving revision 1.129
> diff -u -p -u -r1.129 ntpd.c
> --- ntpd.c 12 Feb 2020 19:14:56 -0000 1.129
> +++ ntpd.c 8 Jul 2021 10:58:59 -0000
> @@ -283,11 +283,9 @@ main(int argc, char *argv[])
> * Constraint processes are forked with certificates in memory,
> * then privdrop into chroot before speaking to the outside world.
> */
> - if (unveil(tls_default_ca_cert_file(), "r") == -1)
> - err(1, "unveil");
> if (unveil("/usr/sbin/ntpd", "x") == -1)
> err(1, "unveil");
> - if (pledge("stdio rpath inet settime proc exec id", NULL) == -1)
> + if (pledge("stdio settime proc exec", NULL) == -1)
> err(1, "pledge");
>
> while (quit == 0) {
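
Review bot: The comment above the unveil()/pledge() calls only explains why the certificate file no longer has to be readable (constraint processes are forked with certificates in memory); nothing at the changed pledge() line records why "inet" and "id" can be dropped as well. Consider extending that comment to state that the main process does not use sockets inside the `while (quit == 0)` loop and that setpriority and privdrop are finished before this point, so a later change that adds either to the loop is recognised as needing the promise back. Because a missing promise kills the process instead of returning an error, testing should also exercise the less frequent paths of the loop, not only steady-state operation. Splitting the unveil/"rpath" removal and the "inet"/"id" removal into two commits, as proposed, keeps each justification next to its change.
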
>
> On 10:37 Thu 08 Jul , Klemens Nanni wrote:
> > On Thu, Jul 08, 2021 at 08:43:30AM +0100, Ricardo Mestre wrote:
> > > /etc/ssl/cert.pem is loaded into mem with tls_load_file(3) on local function
> > > priv_constraint_child() which is called before we reach the code below,
> > > therefore we don't need to unveil(2) it nor having pledge(2) "rpath".
> >
> > OK kn
>