Theo de Raadt writes:
> I have reviewed all the pledge using programs in the tree, and I do not
> see additional risk from this change.
>
> Who wants to take care of the commit?

I'll snag it!

> Josh Rickmar <joshrick...@outlook.com> wrote:
>
>> The kern.somaxconn sysctl was previously permitted under the inet
>> pledge, which allowed pledged Go applications to listen on AF_INET and
>> AF_INET6 domains.
>>
>> https://marc.info/?l=openbsd-tech&m=158069595809463&w=2
>> https://marc.info/?l=openbsd-cvs&m=158081099810301&w=2
>>
>> But Go will also read this sysctl when only using unix domain sockets.
>> The patch below additionally permits reading this sysctl if the unix
>> pledge is granted.
>>
>> Note that for this to be tested and useful (where useful means not
>> running with the inet pledge), Go's net package also needs a patch:
>> https://gist.github.com/jrick/878236e2f3735d35d5a737936439cb81
>>
>> diff b17f936e67043f9c006633bac4e3630f86dd05c2 /usr/src
>> blob - 9ffb7f2ffb9d05d6dd741e180b62141fb5e91f0b
>> file + sys/kern/kern_pledge.c
>> --- sys/kern/kern_pledge.c
>> +++ sys/kern/kern_pledge.c
>> @@ -888,7 +888,7 @@ pledge_sysctl(struct proc *p, int miblen, int *mib, vo
>> return (0);
>> }
>>
>> - if ((p->p_p->ps_pledge & PLEDGE_INET)) {
>> + if ((p->p_p->ps_pledge & (PLEDGE_INET | PLEDGE_UNIX))) {
>> if (miblen == 2 && /* kern.somaxconn */
>> mib[0] == CTL_KERN && mib[1] == KERN_SOMAXCONN)
>> return (0);
>>
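Review bot: the widened test `(p->p_p->ps_pledge & (PLEDGE_INET | PLEDGE_UNIX))` governs the whole enclosing if-block, not only the kern.somaxconn check, and the hunk shows just three lines of trailing context, so if that block also admits other inet-only sysctls further down they would become readable under the unix promise too. If it does, a separate `if ((p->p_p->ps_pledge & PLEDGE_UNIX))` block that contains only the `CTL_KERN`/`KERN_SOMAXCONN` check keeps the change to the scope described in the message. The diff touches only sys/kern/kern_pledge.c; the pledge(2) manual page, which lists the sysctls each promise permits, would need a matching update for the unix promise.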