On Sat, Apr 02, 2016 at 04:38:10PM +0200, [email protected] wrote:
> Hi,
>
> this adds pledge(2) to ftpd(8).
>
> --f.
>
With help from semarie@, the original diff was changed a little bit.
The following processes are pledged:
- [priv post-auth]
- User-privileged slave
- Unprivileged slave
As I don't cover all use cases, please send me your feedback.
--f.
Index: monitor.c
===================================================================
RCS file: /cvs/src/libexec/ftpd/monitor.c,v
retrieving revision 1.23
diff -u -r1.23 monitor.c
--- monitor.c 16 Nov 2015 17:31:14 -0000 1.23
+++ monitor.c 3 Apr 2016 15:42:21 -0000
@@ -193,6 +193,10 @@
endpwent();
close(fd_slave);
+
+ if (pledge("stdio", NULL) == -1)
+ fatalx("pledge");
+
return (1);
}
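Review bot: The pledge("stdio", NULL) call added before return (1) has no comment saying which of the three processes listed in the mail it restricts, or why "stdio" alone is sufficient from this point on. The other two call sites sit next to a comment or a setproctitle() that names the process. A one-line comment here, for example /* Unprivileged slave: only stdio needed from here on */ if that is the process meant, would let a reader check the promise against the code path that follows.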
@@ -302,6 +306,11 @@
case AUTH_SLAVE:
/* User-privileged slave */
debugmsg("user-privileged slave started");
+
+ if (pledge("stdio rpath getpw proc wpath cpath
inet ioctl sendfd recvfd",
+ NULL) == -1) {
+ fatalx("pledge");
+ }
return;
/* NOTREACHED */
case AUTH_MONITOR:
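Review bot: The promise string in the AUTH_SLAVE case is broken across two lines inside the string literal (after "cpath"), which will not compile as shown, and because the continuation line carries no leading "+", patch(1) will reject the hunk as sent. Keep the literal on one line, or split it into two adjacent string literals with a trailing space in the first. This is also the widest promise set of the three call sites, so a short comment saying which operations need proc, ioctl, sendfd and recvfd would make it easier to drop promises later.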
@@ -311,6 +320,11 @@
setproctitle("%s: [priv post-auth]",
remotehost);
slavequit = 1;
+
+ if (pledge("stdio proc dns inet sendfd",
+ NULL) == -1) {
+ fatalx("pledge");
+ }
send_data(fd_slave, &slavequit,
sizeof(slavequit));
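Review bot: fatalx("pledge") in the AUTH_MONITOR case passes the same bare message as the other two pledge call sites and includes no errno text, so a log entry would not say which process failed to pledge or why. Use a distinct message per call site that includes strerror(errno), naming [priv post-auth] here. The braces around the single-statement body here and in the AUTH_SLAVE case also differ from the first hunk, which has none; pick one form for all three.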