On Mon, Jan 06, 2020 at 02:05:10PM +0100, Alexander Bluhm wrote:
> Hi,
>
> The unveil(2) for nc -U -u -l is wrong. Basically we cannot unveil
> as the server has to connect to the client socket. The latter is
> determined dynamically.
>
> Instead we can add a restrictive pledge(2) after connect(2).
>
> Note that you need my previous diff that fixes dns as the wrong
> lookup does not work with the new pledge.
>
> ok?

ok tb This was also reported here: https://marc.info/?l=openbsd-bugs&m=156551637919169&w=2 There are more reports/diffs by "astian" that might be worth looking at: https://marc.info/?a=156551652000001&r=1&w=2 > > bluhm > > Index: usr.bin/nc/netcat.c > =================================================================== > RCS file: /data/mirror/openbsd/cvs/src/usr.bin/nc/netcat.c,v > retrieving revision 1.212 > diff -u -p -r1.212 netcat.c > --- usr.bin/nc/netcat.c 17 Nov 2019 17:38:33 -0000 1.212 > +++ usr.bin/nc/netcat.c 6 Jan 2020 12:56:06 -0000 > @@ -371,13 +371,24 @@ main(int argc, char *argv[]) > err(1, "unveil"); > if (oflag && unveil(oflag, "r") == -1) > err(1, "unveil"); > + } else if (family == AF_UNIX && uflag && lflag && !kflag) { > + /* > + * After recvfrom(2) from client, the server connects > + * to the client socket. As the client path is determined > + * during runtime, we cannot unveil(2). > + */ > } else { > if (family == AF_UNIX) { > if (unveil(host, "rwc") == -1) > err(1, "unveil"); > - if (uflag && !lflag) { > - if (unveil(sflag ? sflag : "/tmp", "rwc") == -1) > - err(1, "unveil"); > + if (uflag && !kflag) { > + if (sflag) { > + if (unveil(sflag, "rwc") == -1) > + err(1, "unveil"); > + } else { > + if (unveil("/tmp", "rwc") == -1) > + err(1, "unveil"); > + } > } > } else { > /* no filesystem visibility */ > @@ -569,6 +580,10 @@ main(int argc, char *argv[]) > if (s == -1) > err(1, NULL); > if (uflag && kflag) { > + if (family == AF_UNIX) { > + if (pledge("stdio unix", NULL) == -1) > + err(1, "pledge"); > + } > /* > * For UDP and -k, don't connect the socket, > * let it receive datagrams from multiple > @@ -595,6 +610,10 @@ main(int argc, char *argv[]) > if (rv == -1) > err(1, "connect"); > > + if (family == AF_UNIX) { > + if (pledge("stdio unix", NULL) == -1) > + err(1, "pledge"); > + } > if (vflag) > report_sock("Connection received", > (struct sockaddr *)&z, len, NULL); >
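Review bot: In the @@ -371 hunk, the rewritten test `if (uflag && !kflag)` can only be true when lflag is clear, because the new `else if (family == AF_UNIX && uflag && lflag && !kflag)` branch above it already takes the listening case without -k. The test is therefore equivalent to `uflag && !lflag && !kflag`, and compared with the old `uflag && !lflag` the only combination that changes is uflag with kflag set and lflag clear, which now skips the sflag or "/tmp" unveil. If that is intended, keeping `!lflag` in the condition with a short comment would make it readable without working through the branch above. The expansion of `sflag ? sflag : "/tmp"` into two identical unveil calls also adds lines without changing behaviour, and the empty branch's comment could say that the pledge after connect(2) is what restricts this case instead of unveil.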
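Review bot: In the @@ -569 hunk, the new `pledge("stdio unix", NULL)` sits inside `if (uflag && kflag)`, the path whose own comment says "don't connect the socket", while the description of the change only talks about adding a pledge after connect(2). A comment on this block stating why the promises can already be dropped here, and why "unix" is still needed on a socket that is never connected, would document the reasoning for the -k case. The same four lines are repeated in the @@ -595 hunk, so a small helper or a shared comment would keep the two promise strings from drifting apart.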
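Review bot: In the @@ -595 hunk, the pledge is placed directly before `report_sock("Connection received", ...)`, so everything report_sock does for an AF_UNIX peer now has to fit within "stdio unix". The cover text says this only works with the earlier dns fix applied, but nothing in the code records that dependency. A one-line comment above the pledge noting that report_sock must not perform a lookup for AF_UNIX would keep a later change there from turning into a pledge violation at runtime under -v.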
