On Mon, Mar 15, 2021 at 07:43:44PM +0100, Sebastien Marie wrote:
> On Mon, Mar 15, 2021 at 02:11:50PM +0100, Anton Lindqvist wrote:
> > On Thu, Mar 11, 2021 at 11:12:41AM -0700, Klemens Nanni wrote:
> > > CVSROOT:  /cvs
> > > Module name:      src
> > > Changes by:       k...@cvs.openbsd.org    2021/03/11 11:12:41
> > > 
> > > Modified files:
> > >   usr.sbin/apmd  : apmd.c 
> > > 
> > > Log message:
> > > Use unveil(2)
> > > 
> > > Pledge is not possible due to the ioctls, but as apmd hoists both the
> > > control socket and apm device early at startup and only ever possibly
> > > executes scripts under /etc/apm/, hiding the rest of the filesystem
> > > becomes easy.
> > > 
> > > Technically, only "x" is required to traverse the directory and run
> > > scripts, but apmd carefully access(2) each script, which requires
> > > the read bit regardless of the permission bits being tested.
> > > 
> > > OK mestre
> > > 
> > 
> > System accounting started to report unveil violations after this commit:
> > 
> >     Purging accounting records:
> >     apmd       -FU     root                             __         0.06 secs Mon Mar 15 00:15 (8:59:20.00)
> > 
> > This is what ktrace shows:
> > 
> >     71448 apmd     CALL  access(0x66348711fa,0x5<X_OK|R_OK>)
> >     71448 apmd     NAMI  "/etc/apm/resume"
> >     71448 apmd     RET   access -1 errno 2 No such file or directory
> >     71448 apmd     CALL  write(2,0x7f7ffffcf630,0x31)
> >     71448 apmd     GIO   fd 2 wrote 49 bytes
> >             "do_etc_file(): cannot access file /etc/apm/resume"
> > 
> > Only /etc/apm/suspend is present on this machine.
> > 
> 
> On program exit, I have the following:
> 
>  40924 apmd     CALL  lstat(0xfb8715af2f0,0x7f7ffffc01d0)
>  40924 apmd     NAMI  "/var/run/apmdev"
>  40924 apmd     RET   lstat -1 errno 2 No such file or directory
> 
> apmd is trying to remove the socket on exit:
> - via atexit(sockunlink), registered in bind_socket() function
> - via signal catch (see sigexit() function)
> 
> but the socket isn't unveiled.

My bad, the unveil violation I'm seeing is the same one as semarie@
discovered.
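The two findings above (an access(2) that needs "r" even when only X_OK is being tested, and an exit-time cleanup on a path the policy never mentioned) are both policy-coverage mistakes that are easy to replay without a kernel. The block below is an added example written for this thread, not apmd's code and not OpenBSD's unveil(2) implementation: it is a small portable C model of the rules unveil(2) documents (a hidden path fails with ENOENT, a covered path with missing permission bits fails with EACCES, unveil(NULL, NULL) locks the policy), driven over the accesses apmd makes during its lifetime. The script name and socket path are the ones in the ktrace output; the per-syscall requirements (access needs "r", execve needs "x", unlink needs "c") come from unveil(2) and the commit message. The cleanup at exit is represented by a single unlink(2) step; the lstat(2) that semarie@'s ktrace caught fails for the same reason, the path being hidden entirely.

```c
/*
 * Added example: a portable model of the unveil(2) permission rules,
 * replayed over apmd's filesystem accesses. Not kernel code, not apmd.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define U_READ   0x1	/* "r" */
#define U_WRITE  0x2	/* "w" */
#define U_EXEC   0x4	/* "x" */
#define U_CREATE 0x8	/* "c": create or remove the path */
#define MAX_ENTRIES 8

struct unveil_entry { const char *path; unsigned perms; };
struct unveil_policy {
	struct unveil_entry ent[MAX_ENTRIES];
	int n;		/* restriction is active once n > 0 */
	int locked;	/* set by unveil(NULL, NULL) */
};

static unsigned
parse_perms(const char *s)
{
	unsigned p = 0;
	for (; *s != '\0'; s++) {
		switch (*s) {
		case 'r': p |= U_READ; break;
		case 'w': p |= U_WRITE; break;
		case 'x': p |= U_EXEC; break;
		case 'c': p |= U_CREATE; break;
		default: return (unsigned)-1;
		}
	}
	return p;
}

/* Model of unveil(2): returns 0 or an errno value (EPERM once locked). */
static int
model_unveil(struct unveil_policy *pol, const char *path, const char *perms)
{
	unsigned p;
	if (path == NULL && perms == NULL) { pol->locked = 1; return 0; }
	if (pol->locked) return EPERM;
	if (pol->n >= MAX_ENTRIES) return E2BIG;
	if ((p = parse_perms(perms)) == (unsigned)-1) return EINVAL;
	pol->ent[pol->n].path = path;
	pol->ent[pol->n].perms = p;
	pol->n++;
	return 0;
}

/* A directory entry covers everything beneath it; a file covers itself. */
static int
covers(const char *root, const char *path)
{
	size_t n = strlen(root);
	return strncmp(root, path, n) == 0 && (path[n] == '\0' || path[n] == '/');
}

/*
 * Model of the check a syscall performs: the most specific covering entry
 * decides. Returns 0 (allowed), ENOENT (no entry covers the path, so it is
 * hidden) or EACCES (covered, but the needed permission bits are missing).
 */
static int
model_check(const struct unveil_policy *pol, const char *path, unsigned need)
{
	const struct unveil_entry *best = NULL;
	size_t bestlen = 0;
	int i;
	if (pol->n == 0) return 0;	/* unveil never called: no filtering */
	for (i = 0; i < pol->n; i++) {
		size_t len = strlen(pol->ent[i].path);
		if (covers(pol->ent[i].path, path) && len >= bestlen) {
			best = &pol->ent[i];
			bestlen = len;
		}
	}
	if (best == NULL) return ENOENT;
	return (best->perms & need) == need ? 0 : EACCES;
}

/* apmd's accesses after it has hoisted the socket and device (assumed order). */
static const struct { const char *syscall, *path; unsigned need; } apmd_steps[] = {
	{ "access", "/etc/apm/suspend", U_READ },	/* do_etc_file(): needs r */
	{ "execve", "/etc/apm/suspend", U_EXEC },	/* running the script */
	{ "unlink", "/var/run/apmdev",  U_CREATE },	/* sockunlink() at exit */
};

/* Build a policy ("/etc/apm" with etc_perms, optionally the socket path with
 * sock_perms), lock it, replay the steps. Returns the index of the first step
 * that fails (or -1 if none) and stores its errno value in *err. */
static int
try_policy(const char *etc_perms, const char *sock_perms, int *err)
{
	struct unveil_policy pol;
	size_t i;
	memset(&pol, 0, sizeof(pol));
	model_unveil(&pol, "/etc/apm", etc_perms);
	if (sock_perms != NULL)
		model_unveil(&pol, "/var/run/apmdev", sock_perms);
	model_unveil(&pol, NULL, NULL);
	for (i = 0; i < sizeof(apmd_steps) / sizeof(apmd_steps[0]); i++) {
		*err = model_check(&pol, apmd_steps[i].path, apmd_steps[i].need);
		if (*err != 0) return (int)i;
	}
	return -1;
}

/* Calling unveil after the lock must be refused. */
static int
unveil_after_lock(void)
{
	struct unveil_policy pol;
	memset(&pol, 0, sizeof(pol));
	model_unveil(&pol, "/etc/apm", "rx");
	model_unveil(&pol, NULL, NULL);
	return model_unveil(&pol, "/var/run/apmdev", "c");
}

int
main(void)
{
	static const struct { const char *etc, *sock, *label; } cases[] = {
		{ "rx", NULL, "commit policy, socket not unveiled" },
		{ "x",  NULL, "x only on /etc/apm" },
		{ "rx", "r",  "socket unveiled r only" },
		{ "rx", "c",  "socket unveiled c" },
	};
	size_t i;
	for (i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
		int err, step = try_policy(cases[i].etc, cases[i].sock, &err);
		if (step < 0)
			printf("%-36s: all steps allowed\n", cases[i].label);
		else
			printf("%-36s: %s(%s) fails: %s\n", cases[i].label,
			    apmd_steps[step].syscall, apmd_steps[step].path,
			    strerror(err));
	}
	return 0;
}
```

Run as is and the commit's policy fails at the unlink of /var/run/apmdev with ENOENT, the "x"-only variant fails already at access(2) with EACCES, and "r" on the socket path is still refused for unlink with EACCES; only "c" lets the cleanup through. The general habit this encodes: enumerate every path the process touches until exit, including atexit(3) and signal handlers, before locking the policy.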
