snmpe calls kif_update on an interface change which performs an ioctl
with SIOCGIFDESCR, currently disallowed by pledge. No other network daemons do
this. The only other programs that make this call appear to be ifconfig and
systat.  ifnet.if_description simply contains an optional user defined
interface description.

vmd performs an ioctl with SIOCSIFDESCR to set ifnet.if_description, and this
is done in a privileged process that is not pledged.

The following diff proposal allows for an ioctl on SIOCGIFDESCR under a route
promise.

Thoughts?

Rob

Index: kern_pledge.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_pledge.c,v
retrieving revision 1.216
diff -u -p -r1.216 kern_pledge.c
--- kern_pledge.c       29 Jun 2017 04:10:07 -0000      1.216
+++ kern_pledge.c       26 Jul 2017 18:14:04 -0000
@@ -1305,6 +1305,7 @@ pledge_ioctl(struct proc *p, long com, s
        if ((p->p_p->ps_pledge & PLEDGE_ROUTE)) {
                switch (com) {
                case SIOCGIFADDR:
+               case SIOCGIFDESCR:
                case SIOCGIFFLAGS:
                case SIOCGIFMETRIC:
                case SIOCGIFGMEMB:
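Review bot: Adding SIOCGIFDESCR to this case list is consistent with the existing entries, which are all read-only SIOCGIF* getters, and it exposes only the optional user-defined description string, so the widening of the route promise is small. The setter SIOCSIFDESCR is correctly left out; per the covering mail vmd issues it from an unpledged privileged process, so nothing pledged needs it. One thing to add alongside this kernel change: if the pledge(2) manual page enumerates the ioctls permitted under the route promise, it should be updated in the same commit so the documented list stays in sync with the switch.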
