On Mon, Mar 15, 2021 at 02:11:50PM +0100, Anton Lindqvist wrote:
> On Thu, Mar 11, 2021 at 11:12:41AM -0700, Klemens Nanni wrote:
> > CVSROOT:    /cvs
> > Module name:        src
> > Changes by: k...@cvs.openbsd.org    2021/03/11 11:12:41
> > 
> > Modified files:
> >     usr.sbin/apmd  : apmd.c 
> > 
> > Log message:
> > Use unveil(2)
> > 
> > Pledge is not possible due to the ioctls, but as apmd hoists both the
> > control socket and apm device early at startup and only ever possibly
> > executes scripts under /etc/apm/, hiding the rest of the filesystem
> > becomes easy.
> > 
> > Technically, only "x" is required to traverse the directory and run
> > scripts, but apmd carefully access(2) each script, which requires
> > the read bit regardless of the permission bits being tested.
> > 
> > OK mestre
> > 
> 
> System accounting started to report unveil violations after this commit:
> 
>       Purging accounting records:
>       apmd       -FU     root                             __         0.06 secs Mon Mar 15 00:15 (8:59:20.00)
> 
> This is what ktrace shows:
> 
>       71448 apmd     CALL  access(0x66348711fa,0x5<X_OK|R_OK>)
>       71448 apmd     NAMI  "/etc/apm/resume"
>       71448 apmd     RET   access -1 errno 2 No such file or directory
>       71448 apmd     CALL  write(2,0x7f7ffffcf630,0x31)
>       71448 apmd     GIO   fd 2 wrote 49 bytes
>               "do_etc_file(): cannot access file /etc/apm/resume"
> 
> Only /etc/apm/suspend is present on this machine.
> 

On program exit, I have the following:

 40924 apmd     CALL  lstat(0xfb8715af2f0,0x7f7ffffc01d0)
 40924 apmd     NAMI  "/var/run/apmdev"
 40924 apmd     RET   lstat -1 errno 2 No such file or directory

apmd is trying to remove the socket on exit:
- via atexit(sockunlink), registered in bind_socket() function
- via signal catch (see sigexit() function)

but the socket isn't unveiled.
-- 
Sebastien Marie
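
The coverage question raised in this thread, as an added example that is not part of the original messages and not apmd's code: a simplified user-space model of unveil(2) path lookup (nearest unveiled ancestor wins, and every requested permission letter must be granted). It assumes the commit unveils only /etc/apm with "rx", as its log message implies, and that removing the socket needs "c"; the veils table and the covering() and allowed() helpers are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

struct veil { const char *path; const char *perms; };

/* Constructed unveil list (assumption): only /etc/apm, with "rx". */
static const struct veil veils[] = {
    { "/etc/apm", "rx" },
};

/* Most specific veil that is `path` itself or one of its ancestors. */
static const struct veil *covering(const char *path)
{
    const struct veil *best = NULL;
    size_t bestlen = 0;

    for (size_t i = 0; i < sizeof(veils) / sizeof(veils[0]); i++) {
        size_t n = strlen(veils[i].path);

        if (strncmp(path, veils[i].path, n) != 0)
            continue;
        /* Must end on a component boundary: "/etc/apm" != "/etc/apmd". */
        if (n > 1 && path[n] != '\0' && path[n] != '/')
            continue;
        if (best == NULL || n > bestlen) {
            best = &veils[i];
            bestlen = n;
        }
    }
    return best;
}

/* 1 if every permission letter in `need` is granted for `path`, else 0. */
static int allowed(const char *path, const char *need)
{
    const struct veil *v = covering(path);

    if (v == NULL)
        return 0;
    for (; *need != '\0'; need++)
        if (strchr(v->perms, *need) == NULL)
            return 0;
    return 1;
}

int main(void)
{
    /* Paths from the ktrace output in the thread, with the permissions needed. */
    printf("access /etc/apm/resume (rx): %d\n", allowed("/etc/apm/resume", "rx"));
    printf("unlink /var/run/apmdev (c):  %d\n", allowed("/var/run/apmdev", "c"));
    return 0;
}
```

Listing every path a daemon touches after its last unveil(2) call, including atexit and signal handlers, and running it through a check like this catches the uncovered socket path before deployment.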
