On Thu, Jun 01, 2017 at 10:26:52PM +0100, Stuart Henderson wrote:
> On 2017/06/01 15:20, Todd C. Miller wrote:
> > On Thu, 01 Jun 2017 22:11:06 +0100, Stuart Henderson wrote:
> >
> > > like so..(with the revert of the revert included).
> >
> > You could even restrict it to only PLEDGE_DNS if you wanted to, but
> > since this is read-only access it doesn't make much difference.
>
> tb@ has that diff. :)
>
Yes, I'd prefer that diff. As all three affected bind/ programs pledge
"dns", it would be good enough:
Index: kern_pledge.c
===================================================================
RCS file: /var/cvs/src/sys/kern/kern_pledge.c,v
retrieving revision 1.210
diff -u -p -r1.210 kern_pledge.c
--- kern_pledge.c 30 May 2017 15:04:45 -0000 1.210
+++ kern_pledge.c 1 Jun 2017 21:02:14 -0000
@@ -979,6 +979,12 @@ pledge_sysctl(struct proc *p, int miblen
return (0);
}
+ if ((p->p_p->ps_pledge & PLEDGE_DNS)) {
+ if (miblen == 2 && /* kern.dnsjackport */
+ mib[0] == CTL_KERN && mib[1] == KERN_DNSJACKPORT)
+ return (0);
+ }
+
if ((p->p_p->ps_pledge & PLEDGE_DISKLABEL)) {
if (miblen == 2 && /* kern.rawpartition */
mib[0] == CTL_KERN &&
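Review bot: the diff touches only kern_pledge.c, so the pledge(2) manual, which enumerates the sysctl nodes each promise permits, should be updated in the same commit to list kern.dnsjackport under the "dns" promise. On the code itself, the new block mirrors the adjacent PLEDGE_DISKLABEL check, including the doubled parentheses in `if ((p->p_p->ps_pledge & PLEDGE_DNS))` and the `miblen == 2` guard before indexing `mib[1]`, so it is consistent with the surrounding style and, as the thread notes, only widens read access to a single node rather than granting a broader promise.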