On 2015/10/22 09:55, Reyk Floeter wrote:
> CVSROOT:      /cvs
> Module name:  src
> Changes by:   [email protected]    2015/10/22 09:55:18
> 
> Modified files:
>       sbin/iked      : ca.c control.c iked.c iked.h ikev2.c proc.c 
>                        types.h 
> 
> Log message:
> iked hereby pledges that it will run with restricted system
> operations.  This adds pledge(2) to all processes, including the iked
> parent process; the existing privsep design has been improved for
> better pledgeability.  There haven't been any serious problems as it
> was already sane (eg. by receiving the PFKEYv2 and UDP sockets via fd
> passing).  The control socket moved to an independent process to
> remove some abilities from the cert process.
> 
> Committed in agreement with many but nobody was brave enough to OK it.
> 
> Better testing will happen with having it in the tree.
> "It's the truth" deraadt@
> "Let's see what happens" benno@
> 

With a config including "ikev2 esp proto etherip" it fails to open /etc/protocols. I guess the same might also apply to /etc/services if I used ports by name.

iked(24133): syscall 5 "rpath"

(gdb) bt
#0  0x00001858ebcf99ea in open () at <stdin>:2
#1  0x00001858ebd56692 in *_libc_fopen (file=0x1858ebe71b30 "/etc/protocols", 
    mode=Variable "mode" is not available.
) at /usr/src/lib/libc/stdio/fopen.c:54
#2  0x00001858ebd0cc55 in *_libc_setprotoent_r (f=0, pd=0x1858ec199fa0)
    at /usr/src/lib/libc/net/getprotoent.c:45
#3  0x00001858ebd035fe in *_libc_getprotobynumber_r (num=97, 
    pe=0x1858ec1907d0, pd=0x1858ec199fa0)
    at /usr/src/lib/libc/net/getproto.c:39
#4  0x00001858ebd03657 in getprotobynumber (num=Variable "num" is not available.
)
    at /usr/src/lib/libc/net/getproto.c:57
#5  0x00001856833325e7 in ikev2_msg_cb () from /sbin/iked
#6  0x0000185683335190 in ikev2_msg_cb () from /sbin/iked
#7  0x0000185683311004 in ?? () from /sbin/iked
#8  0x000018568333153a in ikev2_msg_cb () from /sbin/iked
#9  0x000018590cf17008 in event_base_loop (base=0x1858ce888000, flags=Variable 
"flags" is not available.
)
    at /usr/src/lib/libevent/event.c:350
#10 0x0000185683331fb4 in ikev2_msg_cb () from /sbin/iked
#11 0x00001856833321b9 in ikev2_msg_cb () from /sbin/iked
#12 0x000018568331592e in ?? () from /sbin/iked
#13 0x000018568330c7f1 in ?? () from /sbin/iked
#14 0x0000000000000000 in ?? ()
Current language:  auto; currently asm
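The backtrace shows the usual shape of a pledge(2) mismatch: getprotobynumber(3) lazily opens /etc/protocols, which requires the "rpath" promise. The following is an added example, not iked's code and not the commit's fix: a minimal C program that resolves the protocol name before pledging and only reads the cached copy afterwards; the pledge() shim for non-OpenBSD hosts is an assumption so the program also compiles elsewhere.

```c
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* pledge(2) exists only on OpenBSD. On other systems this assumed shim
 * lets the example compile and run, but applies no restriction at all. */
#ifndef __OpenBSD__
static int pledge(const char *promises, const char *execpromises)
{
	(void)promises; (void)execpromises;
	return 0;
}
#endif

/* Result of the /etc/protocols lookup, filled in before pledge(). */
static char proto_name[32];
static int proto_num = -1;

/* Resolve a protocol number while "rpath" is still allowed:
 * getprotobynumber(3) opens /etc/protocols, which is what the
 * report's backtrace shows. Returns 0 on success, -1 if unknown. */
int cache_proto_name(int num)
{
	struct protoent *pe = getprotobynumber(num);	/* needs "rpath" */
	if (pe == NULL)
		return -1;
	snprintf(proto_name, sizeof(proto_name), "%s", pe->p_name);
	proto_num = num;
	return 0;
}

/* Accessor for use after pledge(): no file access, cached copy only. */
const char *cached_proto_name(int num)
{
	return (num == proto_num) ? proto_name : NULL;
}

int main(void)
{
	/* 1. Do every lookup that touches the filesystem during startup. */
	if (cache_proto_name(97) == -1)	/* 97 = etherip, as in the report */
		fprintf(stderr, "protocol 97 unknown on this host\n");
	/* 2. Drop "rpath": calling getprotobynumber() after this point would
	 *    be killed with 'syscall 5 "rpath"' on OpenBSD. */
	if (pledge("stdio", NULL) == -1) {
		perror("pledge");
		return 1;
	}
	/* 3. Later code uses only the cached name. */
	const char *name = cached_proto_name(97);
	printf("proto 97 is %s\n", name ? name : "(unknown)");
	return 0;
}
```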
