On 2019/10/07 12:30, Florian Obser wrote: > On Mon, Oct 07, 2019 at 11:16:22AM +0100, Stuart Henderson wrote: > > On 2019/10/07 09:53, Theo Buehler wrote: > > > $ doas /usr/sbin/unbound-anchor -v > > > /var/unbound/db/root.key has content > > > [1570433629] libunbound[28321:0] fatal error: could not open autotrust > > > file for writing, /var/unbound/db/root.key.28321-0-1966ee948e00: No such > > > file or directory > > > > > > The problem is the following change that came with the update to 1.9.3: > > > > > > - Add hex print of trust anchor pointer to trust anchor file temp > > > name to make it unique, for libunbound created multiple > > > contexts. > > > > > > See > > > https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/unbound/validator/autotrust.c.diff?r1=1.10&r2=1.11 > > > > > > Thus, the unveil code in smallapp/unbound-anchor.c needs some > > > adjustment. > > > > > > if (asprintf(&root_anchor_tempfile, "%s.%d-0", root_anchor_file, > > > getpid()) == -1) { > > > if(verb) printf("out of memory\n"); > > > exit(0); > > > } > > > > > > if (unveil(root_anchor_file, "rwc") == -1) > > > err(1, "unveil"); > > > if (unveil(root_anchor_tempfile, "rwc") == -1) > > > err(1, "unveil"); > > > > > > The problem is that tp used for tempfile generation is not yet known at > > > that point. Not sure how best to deal with this. > > > > Just unveil the directory? > > yes, however dirname(3) has this: > > CAVEATS > Other vendor implementations of dirname() may modify the contents of the > string passed to dirname(); this should be taken into account when > writing code which calls this function if portability is desired. > > I think we want a strdup here.
done, though it is openbsd-only code (and added some frees). Index: smallapp/unbound-anchor.c =================================================================== RCS file: /cvs/src/usr.sbin/unbound/smallapp/unbound-anchor.c,v retrieving revision 1.12 diff -u -p -r1.12 unbound-anchor.c --- smallapp/unbound-anchor.c 10 Jan 2019 12:13:44 -0000 1.12 +++ smallapp/unbound-anchor.c 7 Oct 2019 10:47:14 -0000 @@ -116,6 +116,7 @@ */ #include <err.h> +#include <libgen.h> #include <unistd.h> #include "config.h" @@ -2284,7 +2285,8 @@ int main(int argc, char* argv[]) const char* res_conf = NULL; const char* root_hints = NULL; const char* debugconf = NULL; - char* root_anchor_tempfile; + char* root_anchor_temppath; + char* s; int dolist=0, ip4only=0, ip6only=0, force=0, port = HTTPS_PORT; int res_conf_fallback = 0; /* parse the options */ @@ -2370,16 +2372,16 @@ int main(int argc, char* argv[]) if(dolist) do_list_builtin(); - if (asprintf(&root_anchor_tempfile, "%s.%d-0", root_anchor_file, - getpid()) == -1) { + s = strdup(root_anchor_file); + if (s == NULL || + asprintf(&root_anchor_temppath, "%s", dirname(s)) == -1) { if(verb) printf("out of memory\n"); exit(0); } - - if (unveil(root_anchor_file, "rwc") == -1) - err(1, "unveil"); - if (unveil(root_anchor_tempfile, "rwc") == -1) + if (unveil(root_anchor_temppath, "rwc") == -1) err(1, "unveil"); + free(root_anchor_temppath); + free(s); if (unveil(root_cert_file, "r") == -1) err(1, "unveil"); if (res_conf != NULL && unveil(res_conf, "r") == -1)