From: claudio Date: Fri, 19 Mar 2021 09:43:59 +0000 (+0000) Subject: Delay chdir to the cache directory to after parsing the tal files. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=e80bbcffbd6cb7427b8243c2876a3697d21b458f;p=openbsd Delay chdir to the cache directory to after parsing the tal files. Using the -t option relative locations can be passed as tal locations and so the process can not chdir until these files were read. OK job@ --- diff --git a/usr.sbin/rpki-client/main.c b/usr.sbin/rpki-client/main.c index 07be2038cb6..d586b11cb9c 100644 --- a/usr.sbin/rpki-client/main.c +++ b/usr.sbin/rpki-client/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.120 2021/03/18 14:05:44 claudio Exp $ */ +/* $OpenBSD: main.c,v 1.121 2021/03/19 09:43:59 claudio Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -962,10 +962,6 @@ main(int argc, char *argv[]) if (talsz == 0) err(1, "no TAL files found in %s", "/etc/rpki"); - /* change working directory to the cache directory */ - if (fchdir(cachefd) == -1) - err(1, "fchdir"); - /* * Create the file reader as a jailed child process. * It will be responsible for reading all of the files (ROAs, @@ -980,6 +976,10 @@ main(int argc, char *argv[]) if (procpid == 0) { close(fd[1]); + /* change working directory to the cache directory */ + if (fchdir(cachefd) == -1) + err(1, "fchdir"); + /* Only allow access to the cache directory. */ if (unveil(".", "r") == -1) err(1, "%s: unveil", cachedir); @@ -1009,6 +1009,10 @@ main(int argc, char *argv[]) close(proc); close(fd[1]); + /* change working directory to the cache directory */ + if (fchdir(cachefd) == -1) + err(1, "fchdir"); + if (pledge("stdio rpath proc exec unveil", NULL) == -1) err(1, "pledge"); @@ -1087,6 +1091,10 @@ main(int argc, char *argv[]) for (i = 0; i < talsz; i++) queue_add_tal(tals[i]); + /* change working directory to the cache directory */ + if (fchdir(cachefd) == -1) + err(1, "fchdir"); + while (entity_queue > 0 && !killme) { pfd[0].events = POLLIN; if (rsyncq.queued)