On Sun, Oct 04, 2015 at 01:33:12AM +0200, Mike Burns wrote: > - Use stdio instead of rw because of mprotect(2) in atexit. > - Pass the path to the file that can be opened.
with "rpath" request, you can already open the file you want. The `path' argument of tame(2) is used to *restrict* the files you can access with "rpath" (or other path related requests). > - Switch to return instead of exit(3) in the nearby code. it is a nop. calling return(1) from main() is near the same from calling exit(1) (at least for this case): mprotect() will be called by atexit() code. > I suspect that the paths argument is unused or not yet ready, but I > include in here regardless merely so that I can ask about it. it could be used and is functional. if you have a specific problem, please report it. > There is one line of code between the initial tame(2) and the > re-tame(2) -- this program has a tiny initialization, essentially. It > reads oddly but again: included so that I can ask about it. > > > Index: nologin.c > =================================================================== > RCS file: /cvs/src/sbin/nologin/nologin.c,v > retrieving revision 1.5 > diff -u -p -r1.5 nologin.c > --- nologin.c 10 Jul 2003 00:00:58 -0000 1.5 > +++ nologin.c 3 Oct 2015 23:26:44 -0000 > @@ -43,16 +43,24 @@ int main(int argc, char *argv[]) > int nfd; > ssize_t nrd; > char nbuf[BUFSIZ]; > + const char *paths[] = { _PATH_NOLOGIN_TXT }; the paths array should be NULL terminated: const char *paths[] = { _PATH_NOLOGIN_TXT, NULL }; > + > + if (tame("stdio rpath", paths) == -1) > + perror("tame"); > > nfd = open(_PATH_NOLOGIN_TXT, O_RDONLY); > + > + if (tame("stdio", NULL) == -1) > + perror("tame"); > + > if (nfd < 0) { > write(STDOUT_FILENO, DEFAULT_MESG, strlen(DEFAULT_MESG)); > - exit (1); > + return 1; > } > > while ((nrd = read(nfd, nbuf, sizeof(nbuf))) != -1 && nrd != 0) > write(STDOUT_FILENO, nbuf, nrd); > close (nfd); > > - exit (1); > + return 1; > } > -- Sebastien Marie