My eyes may be tricking me, but it looks like the main proc doesn't speak with
sockets during the main loop and setpriority plus privdrop at this point are all
set and done so pledge("inet id") are not required.

I have it running for a couple of hours now without issues so far so is this
change also OK?

Whole diff included, but if this is also OK I'll split them in 2 commits.

Index: ntpd.c
===================================================================
RCS file: /cvs/src/usr.sbin/ntpd/ntpd.c,v
retrieving revision 1.129
diff -u -p -u -r1.129 ntpd.c
--- ntpd.c      12 Feb 2020 19:14:56 -0000      1.129
+++ ntpd.c      8 Jul 2021 10:58:59 -0000
@@ -283,11 +283,9 @@ main(int argc, char *argv[])
         * Constraint processes are forked with certificates in memory,
         * then privdrop into chroot before speaking to the outside world.
         */
-       if (unveil(tls_default_ca_cert_file(), "r") == -1)
-               err(1, "unveil");
        if (unveil("/usr/sbin/ntpd", "x") == -1)
                err(1, "unveil");
-       if (pledge("stdio rpath inet settime proc exec id", NULL) == -1)
+       if (pledge("stdio settime proc exec", NULL) == -1)
                err(1, "pledge");
 
        while (quit == 0) {
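
Review bot: The new promise string on the pledge() line drops "inet" and "id" as well as "rpath", but the comment above the unveil() call only explains the certificate case, so the reason the other two are safe to drop is not recorded next to the call. Consider extending that comment to state that setpriority and privdrop are finished before this point and that the parent does no socket I/O inside while (quit == 0). A pledge violation aborts the process instead of returning an error, so a few hours of runtime only covers the paths that were actually hit; the rarely taken paths reachable from the loop, including whatever still needs "proc exec", should be read for socket or id calls before this goes in. Splitting the unveil/"rpath" removal from the "inet id" removal, as proposed, also keeps a later revert small.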

On 10:37 Thu 08 Jul     , Klemens Nanni wrote:
> On Thu, Jul 08, 2021 at 08:43:30AM +0100, Ricardo Mestre wrote:
> > /etc/ssl/cert.pem is loaded into mem with tls_load_file(3) on local function
> > priv_constraint_child() which is called before we reach the code below,
> > therefore we don't need to unveil(2) it nor having pledge(2) "rpath".
> 
> OK kn
