CVSROOT: /cvs Module name: src Changes by: flor...@cvs.openbsd.org 2019/02/10 07:10:22
Modified files: sbin/unwind : frontend.c unwind.c unwind.h Log message: Simplify trust anchor handling. Open trust anchor file for reading and writing on startup and pass it to the frontend process. The frontend process seeks and truncates the file apropriately when writing out new trust anchors learned via DNS but never closes the file. On error the file is truncated to zero length. This is in turn handled on startup by switching to the built in trust anchor when no trustanchor can be read from disk. This side steps the need for an unveil'ed directory with "c" permission and also removes the wpath and cpath pledges from the parent process. deraadt@ pointed out that my previous design didn't make sense and I had confused myself along the way. (It did work, but was too complicated for no good reason). While here validate that we actually read a trust anchor from disk by trying to parse it and checking that it is a DNSKEY. Unfortunately ub_ctx_add_ta() accepts just any string as a trust anchor without any validation.