Re: OpenBGPd error /bsd: bgpd(): syscall 105

Thu, 01 Oct 2015 09:24:51 -0700 

Atanas Vladimirov wrote:
> Snapshot from sep 30 bgpd didn't startup:
> Oct  1 08:32:28 ns /bsd: bgpd(28055): syscall 105
> Oct  1 08:32:28 ns bgpd[29697]: handle_pollfd: poll fd: Undefined error: 0
> Oct  1 08:32:28 ns bgpd[29697]: RDE: Lost connection to SE
> Oct  1 08:32:28 ns bgpd[27739]: handle_pollfd: poll fd: No such file or
> directory
> Oct  1 08:32:28 ns bgpd[29697]: handle_pollfd: poll fd: Undefined error: 0
> Oct  1 08:32:28 ns bgpd[29697]: RDE: Lost connection to SE control
> Oct  1 08:32:28 ns bgpd[27739]: main: Lost connection to SE
> Oct  1 08:32:28 ns bgpd[27739]: Lost child: session engine terminated;
> signal 9

This looks like a result of the new tame(2)ing. Below are the tame calls
that were just added to bgpd, according to Theo's diff.

Syscall 105 is setsockopt(2). Both "unix" and "inet" allow it. However,
the man page notes that "inet" restricts setsockopt significantly.
Because this error looks like it's happening within a setsockopt call,
maybe that's the issue. Changing "inet" to "unix" could potentially fix
it, as could refactoring the bgpd code.

I may have time to look into this more later.


Index: usr.sbin/bgpd/rde.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
retrieving revision 1.339
diff -u -p -u -r1.339 rde.c
--- usr.sbin/bgpd/rde.c 21 Sep 2015 09:47:15 -0000      1.339
+++ usr.sbin/bgpd/rde.c 28 Sep 2015 20:15:11 -0000
@@ -30,6 +30,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <err.h>
 
 #include "bgpd.h"
 #include "mrt.h"
@@ -185,6 +186,9 @@ rde_main(int debug, int verbose)
            setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
            setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
                fatal("can't drop privileges");
+
+       if (tame("malloc unix cmsg", NULL) == -1)
+               err(1, "tame");
 
        signal(SIGTERM, rde_sighdlr);
        signal(SIGINT, rde_sighdlr);
Index: usr.sbin/bgpd/session.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/session.c,v
retrieving revision 1.340
diff -u -p -u -r1.340 session.c
--- usr.sbin/bgpd/session.c     4 Aug 2015 14:46:38 -0000       1.340
+++ usr.sbin/bgpd/session.c     28 Sep 2015 20:15:11 -0000
@@ -219,6 +219,9 @@ session_main(int debug, int verbose)
            setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
                fatal("can't drop privileges");
 
+       if (tame("malloc inet cmsg", NULL) == -1)
+               err(1, "tame");
+
        signal(SIGTERM, session_sighdlr);
        signal(SIGINT, session_sighdlr);
        signal(SIGPIPE, SIG_IGN);

Reply via email to