On Fri, Nov 20, 2015 at 02:07:46PM +0100, J??r??mie Courr??ges-Anglas wrote:
> Andreas Kusalananda K??h??ri <[email protected]> writes:
>
> > Hi,
> >
> > I noticed that ntpd would die if I tried to use ntpctl to check on it:
> >
> > [...]
> > 29946 ntpd CALL poll(0xda8993ab5c0,4,1000)
> > 29946 ntpd RET poll 1
> > 29946 ntpd CALL kbind(0x7f7ffffc2558,0x18,0x7bb3facd5f812ed9)
> > 29946 ntpd RET kbind 0
> > 29946 ntpd CALL accept(5,0x7f7ffffc2630,0x7f7ffffc262c)
> > 29946 ntpd PLDG accept, "unix", errno 1 Operation not permitted
> > 29946 ntpd PSIG SIGABRT SIG_DFL
> > [...]
> >
> > I also get ntpd(<pid>): syscall 30 "unix" in the console.
>
> Confirmed, the failure is in control_accept(), which should be allowed
> to speak on a Unix socket.
>
> See the diff below.
>
There was some semantical fix in sys/kern/uipc_usrreq.c for unix
sockets that might have triggered it. I'm sure I had used ntpctl with
"older" pledge.
The diff looks OK, with the drawback that the ntp process now needs
"all of unix" for the accept() - but the unix socket is pre-opened
before its pledge/chroot.
OK reyk@
> Index: ntp.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/ntpd/ntp.c,v
> retrieving revision 1.139
> diff -u -p -p -u -r1.139 ntp.c
> --- ntp.c 30 Oct 2015 16:41:53 -0000 1.139
> +++ ntp.c 20 Nov 2015 13:03:29 -0000
> @@ -149,7 +149,7 @@ ntp_main(int pipe_prnt[2], int fd_ctl, s
> endservent();
>
> /* The ntp process will want to open NTP client sockets -> "inet" */
> - if (pledge("stdio inet", NULL) == -1)
> + if (pledge("stdio unix inet", NULL) == -1)
> err(1, "pledge");
>
> signal(SIGTERM, ntp_sighdlr);
>
> --
> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
>
--
