On Thu, Nov 07, 2019 at 11:08:38AM +0100, igor kos wrote:
> If I started isakmpd on OBSD 6.6:
>
> test66/etc/isakmpd>isakmpd -4 -K -T -d
> 154833.658332 Default isakmpd: starting [priv]
> 154833.660031 Default conf_reinit: open("/etc/isakmpd/isakmpd.conf",
> O_RDONLY, 0) failed: Permission denied
>
> But, older version OBSD didn't ask for isakmpd.conf, if I use -K switch:

This is a result of the changed realpath(3) behavior.  isakmpd(8)
should be less clever and just use the errno from the system.

Could you test this diff?

bluhm

Index: sbin/isakmpd/monitor.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sbin/isakmpd/monitor.c,v
retrieving revision 1.77
diff -u -p -r1.77 monitor.c
--- sbin/isakmpd/monitor.c      28 Jun 2019 13:32:44 -0000      1.77
+++ sbin/isakmpd/monitor.c      7 Nov 2019 14:48:18 -0000
@@ -518,9 +518,9 @@ m_priv_getfd(void)

        if ((ret = m_priv_local_sanitize_path(path, sizeof path, flags))
            != 0) {
-               if (ret == 1)
+               if (errno != ENOENT)
                        log_print("m_priv_getfd: illegal path \"%s\"", path);
-               err = EACCES;
+               err = errno;
                v = -1;
        } else {
                if ((v = open(path, flags, mode)) == -1)
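Review bot: `err = errno;` is read only after the `log_print()` call, so on the logged (non-ENOENT) path a failing library call inside log_print could overwrite errno before it is saved. log_print's body is not visible here, so this is a precaution rather than a confirmed bug. Capturing the value first removes the dependency: move `err = errno;` above the test and write `if (err != ENOENT)`. `ret` is now only compared with 0 in this hunk, so the assignment may be droppable. m_priv_getfd starts and ends outside this hunk.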
@@ -695,15 +695,8 @@ m_priv_local_sanitize_path(char *path, s
         */

        if (realpath(path, new_path) == NULL ||
-           realpath("/var/run", var_run) == NULL) {
-               /*
-                 * We could not decide whether the path is ok or not.
-                 * Indicate this be returning 2.
-                */
-               if (errno == ENOENT)
-                       return 2;
-               goto bad_path;
-       }
+           realpath("/var/run", var_run) == NULL)
+               return 1;
        strlcat(var_run, "/", sizeof(var_run));

        if (strncmp(var_run, new_path, strlen(var_run)) == 0)
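Review bot: The failure contract of m_priv_local_sanitize_path becomes "return 1 with errno set", but the deleted comment was the only text explaining how failures are distinguished and nothing replaces it. A comment above the new `return 1;` such as `/* realpath(3) failed; errno is left set for the caller */` would document this, and the function's header comment (outside this hunk) should be checked for a leftover mention of return value 2. Because the first hunk copies this errno into `err`, presumably to return it to the unprivileged process, that side can now tell a missing path from a disallowed one, where it previously always got EACCES. If that is intended, the comment should say so. A missing /var/run also yields ENOENT here, which the caller does not log.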
@@ -713,7 +706,7 @@ m_priv_local_sanitize_path(char *path, s
            (flags & O_ACCMODE) == O_RDONLY)
                return 0;

-bad_path:
+       errno = EACCES;
        return 1;
 }
