rpki-client lock down rsync process further

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

rpki-client lock down rsync process further

Claudio Jeker
There is no need for cpath or the unveil of . in the rsync process.
That process just does fork+exec for rsync.
Removing the unveil pledge is the same as unveil(NULL, NULL) so skip that
too.

OK?
--
:wq Claudio

Index: main.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v
retrieving revision 1.104
diff -u -p -r1.104 main.c
--- main.c 22 Feb 2021 09:46:05 -0000 1.104
+++ main.c 23 Feb 2021 10:42:24 -0000
@@ -941,8 +941,7 @@ main(int argc, char *argv[])
  if (fchdir(cachefd) == -1)
  err(1, "fchdir");
 
- if (pledge("stdio rpath cpath proc exec unveil", NULL)
-    == -1)
+ if (pledge("stdio rpath proc exec unveil", NULL) == -1)
  err(1, "pledge");
 
  proc_rsync(rsync_prog, bind_addr, fd[0]);
Index: rsync.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/rsync.c,v
retrieving revision 1.18
diff -u -p -r1.18 rsync.c
--- rsync.c 19 Feb 2021 08:14:49 -0000 1.18
+++ rsync.c 23 Feb 2021 10:41:50 -0000
@@ -160,13 +160,6 @@ proc_rsync(char *prog, char *bind_addr,
  } else if (unveil(prog, "x") == -1)
  err(1, "%s: unveil", prog);
 
- /* Unveil the repository directory and terminate unveiling. */
-
- if (unveil(".", "c") == -1)
- err(1, "unveil");
- if (unveil(NULL, NULL) == -1)
- err(1, "unveil");
-
  if (pledge("stdio proc exec", NULL) == -1)
  err(1, "pledge");
 

Reply | Threaded
Open this post in threaded view
|

Re: rpki-client lock down rsync process further

Theo de Raadt-2
OK with me.

I'll say it again, the unveils in here are misguided.  Almost as
misguided as the mmap's (which prevents large file transfer, and
there are other problems..)


Claudio Jeker <[hidden email]> wrote:

> There is no need for cpath or the unveil of . in the rsync process.
> That process just does fork+exec for rsync.
> Removing the unveil pledge is the same as unveil(NULL, NULL) so skip that
> too.
>
> OK?
> --
> :wq Claudio
>
> Index: main.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v
> retrieving revision 1.104
> diff -u -p -r1.104 main.c
> --- main.c 22 Feb 2021 09:46:05 -0000 1.104
> +++ main.c 23 Feb 2021 10:42:24 -0000
> @@ -941,8 +941,7 @@ main(int argc, char *argv[])
>   if (fchdir(cachefd) == -1)
>   err(1, "fchdir");
>  
> - if (pledge("stdio rpath cpath proc exec unveil", NULL)
> -    == -1)
> + if (pledge("stdio rpath proc exec unveil", NULL) == -1)
>   err(1, "pledge");
>  
>   proc_rsync(rsync_prog, bind_addr, fd[0]);
> Index: rsync.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/rsync.c,v
> retrieving revision 1.18
> diff -u -p -r1.18 rsync.c
> --- rsync.c 19 Feb 2021 08:14:49 -0000 1.18
> +++ rsync.c 23 Feb 2021 10:41:50 -0000
> @@ -160,13 +160,6 @@ proc_rsync(char *prog, char *bind_addr,
>   } else if (unveil(prog, "x") == -1)
>   err(1, "%s: unveil", prog);
>  
> - /* Unveil the repository directory and terminate unveiling. */
> -
> - if (unveil(".", "c") == -1)
> - err(1, "unveil");
> - if (unveil(NULL, NULL) == -1)
> - err(1, "unveil");
> -
>   if (pledge("stdio proc exec", NULL) == -1)
>   err(1, "pledge");
>  
>