Christoph Leser <christoph.le...@sup-logistik.de> wrote:
Hi,
after upgrading openbsd6.5 to oopenbsd6.6 using sysupgrade isakmpd
does no longer write pcap files in /var/run.
In /var/log/messages we see the following message:
isakmpd[7385]: log_packet_init: fopen ("/var/run/isakmpd.pcap", "w")
failed: Permission denied
On 2019-12-03 19:30, Theo de Raadt wrote:
m_priv_local_sanitize_path() contains some realpath() checks.
I think this is either exposing realpath() abuse( as a result of the
new in-kernel realpath to support unveil better), or it is hitting the
realpath() bug which was fixed post-release?
I get similar message when trying to report information about SAs to
isakmpd.results through isakmpd.fifo on 6.6.
echo "S" > /var/run/isakmpd.fifo
...(as root) doesn't return anything, doesn't create results file, and
gives error message in log:
Feb 6 21:20:16 kerber isakmpd[36105]: ui_open_result: fopen() failed:
Permission denied
If someone knows about some workaround for obtaining isakmpd.results
on 6.6 I'd be very grateful (or at least binary patch :D )
--
Before enlightenment - chop wood, draw water.
After enlightenment - chop wood, draw water.
Marko Cupać
https://www.mimar.rs/