no pcap file from isakmpd in OBSD6.6

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

no pcap file from isakmpd in OBSD6.6

Christoph Leser-2
Hi,

after upgrading openbsd6.5 to oopenbsd6.6 using sysupgrade isakmpd does no longer write pcap files in /var/run.

In /var/log/messages we see the following message:

isakmpd[7385]: log_packet_init: fopen ("/var/run/isakmpd.pcap", "w") failed: Permission denied

Any ideas?

Mit freundlichen Grüßen / Best regards / Meilleures salutations


Christoph Leser
Systemtechnik
 

S&P Computersysteme GmbH
Systemhaus für Logistik
Zettachring 4
70567Stuttgart
www.sup-logistik.de

T: +49 711 726 41-0
F: +49 711 726 41-70
[hidden email]


   

Amtsgericht Stuttgart HRB 11921
Geschäftsführer: Horst Reichert, Rémy El Abd

Informationspflicht zur Datenverarbeitung:
Kunden: Hier >> 
Dienstleister / Lieferanten: Hier>>

Reply | Threaded
Open this post in threaded view
|

Re: no pcap file from isakmpd in OBSD6.6

Theo de Raadt-2
m_priv_local_sanitize_path() contains some realpath() checks.

I think this is either exposing realpath() abuse( as a result of the
new in-kernel realpath to support unveil better), or it is hitting the
realpath() bug which was fixed post-release?

Christoph Leser <[hidden email]> wrote:

> Hi,
>
> after upgrading openbsd6.5 to oopenbsd6.6 using sysupgrade isakmpd does no longer write pcap files in /var/run.
>
> In /var/log/messages we see the following message:
>
> isakmpd[7385]: log_packet_init: fopen ("/var/run/isakmpd.pcap", "w") failed: Permission denied
>
> Any ideas?
>
> Mit freundlichen Grüßen / Best regards / Meilleures salutations
>
>
> Christoph Leser
> Systemtechnik
>  
>
> S&P Computersysteme GmbH
> Systemhaus für Logistik
> Zettachring 4
> 70567Stuttgart
> www.sup-logistik.de
>
> T: +49 711 726 41-0
> F: +49 711 726 41-70
> [hidden email]
>
>
>    
>
> Amtsgericht Stuttgart HRB 11921
> Geschäftsführer: Horst Reichert, Rémy El Abd
>
> Informationspflicht zur Datenverarbeitung:
> Kunden: Hier >> 
> Dienstleister / Lieferanten: Hier>>
>

Reply | Threaded
Open this post in threaded view
|

Re: no pcap file from isakmpd in OBSD6.6

Marko Cupać
> Christoph Leser <[hidden email]> wrote:
>
>> Hi,
>>
>> after upgrading openbsd6.5 to oopenbsd6.6 using sysupgrade isakmpd
>> does no longer write pcap files in /var/run.
>>
>> In /var/log/messages we see the following message:
>>
>> isakmpd[7385]: log_packet_init: fopen ("/var/run/isakmpd.pcap", "w")
>> failed: Permission denied

On 2019-12-03 19:30, Theo de Raadt wrote:
> m_priv_local_sanitize_path() contains some realpath() checks.
>
> I think this is either exposing realpath() abuse( as a result of the
> new in-kernel realpath to support unveil better), or it is hitting the
> realpath() bug which was fixed post-release?

I get similar message when trying to report information about SAs to
isakmpd.results through isakmpd.fifo on 6.6.

echo "S" > /var/run/isakmpd.fifo

...(as root) doesn't return anything, doesn't create results file, and
gives error message in log:

Feb  6 21:20:16 kerber isakmpd[36105]: ui_open_result: fopen() failed:
Permission denied

If someone knows about some workaround for obtaining isakmpd.results
on 6.6 I'd be very grateful (or at least binary patch :D )

--
Before enlightenment - chop wood, draw water.
After  enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/