From d96abf21a3966da0fb86db483cb5759526b72e12 Mon Sep 17 00:00:00 2001
From: claudio
Date: Thu, 4 Aug 2022 13:44:07 +0000
Subject: [PATCH] Once all files from argv have been read the main process can unveil to the cachedir and if output files are written to outputdir. In -f mode the unveil can be read-only in normal operation rwc is required because the main process writes the RRDP files and also does the cleanup at the end of the run. Input from tb@ and mestre@, OK tb@
---
 usr.sbin/rpki-client/main.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/usr.sbin/rpki-client/main.c b/usr.sbin/rpki-client/main.c
index 4949d758329..91a15c820f7 100644
--- a/usr.sbin/rpki-client/main.c
+++ b/usr.sbin/rpki-client/main.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: main.c,v 1.208 2022/06/27 10:18:27 job Exp $ */
+/* $OpenBSD: main.c,v 1.209 2022/08/04 13:44:07 claudio Exp $ */
 /*
 * Copyright (c) 2021 Claudio Jeker
 * Copyright (c) 2019 Kristaps Dzonsons
@@ -1006,8 +1006,7 @@ main(int argc, char *argv[])
 signal(SIGALRM, suicide);
 }
- /* TODO unveil cachedir and outputdir, no other access allowed */
- if (pledge("stdio rpath wpath cpath fattr sendfd", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath fattr sendfd unveil", NULL) == -1)
 err(1, "pledge");
 msgbuf_init(&procq);
@@ -1048,7 +1047,17 @@ main(int argc, char *argv[])
 if (filemode) {
 while (*argv != NULL)
 queue_add_file(*argv++, RTYPE_FILE, 0);
+
+ if (unveil(cachedir, "r") == -1)
+ err(1, "unveil cachedir");
+ } else {
+ if (unveil(outputdir, "rwc") == -1)
+ err(1, "unveil outputdir");
+ if (unveil(cachedir, "rwc") == -1)
+ err(1, "unveil cachedir");
 }
+ if (pledge("stdio rpath wpath cpath fattr sendfd", NULL) == -1)
+ err(1, "unveil");
 /* change working directory to the cache directory */
 if (fchdir(cachefd) == -1)
--
2.20.1
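Review bot: Nothing at the first `pledge()` in the `-1006,8` hunk says why `unveil` is now in the promise set or that it is meant to be held only temporarily; the removed TODO was the only comment describing the intent. A short comment above the call would keep the two-stage design visible, for example `/* keep "unveil" until the argv files are queued; the second pledge() below drops it */`. Without it, a later edit that moves or removes the second `pledge()` would leave the process able to change its unveil list for the rest of the run with no hint that this was unintended. main() starts and ends outside the hunk.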
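Review bot: The second `pledge()` added at the end of the `-1048,7` hunk reports its failure as `err(1, "unveil")`, so a failed promise reduction would be logged under the wrong call; it should read `err(1, "pledge");`. Separately, the `-f` branch unveils `cachedir` read-only, but the promise set that follows still carries `wpath cpath fattr` for both modes. If nothing later in file mode needs them (the rest of main() is outside the hunk, so this is unverified), a narrower pledge in that branch would match the read-only intent stated in the commit message. A one-line comment such as `/* drop "unveil": the filesystem view is final from here on */` above the call would also explain why nearly the same promise string is pledged twice.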