pledge(2) for slowcgi.

After initialization slowcgi accepts from a AF_UNIX socket, forks and execs. After fork we only need to close(2), chdir(2) and exec. OK benno@
author: florian <florian@openbsd.org> 2015-11-05 19:15:22 +0000
committer: florian <florian@openbsd.org> 2015-11-05 19:15:22 +0000
commit: 1bfdb2601aeb205d39a0b51665a9a333adcc3b35 (patch)
tree: 734dc74dc1967a6ef4f9d83d42c2496785570a19
parent: re-shuffle slowcgi_listen to run less code as root. (diff)
download: wireguard-openbsd-1bfdb2601aeb205d39a0b51665a9a333adcc3b35.tar.xz
wireguard-openbsd-1bfdb2601aeb205d39a0b51665a9a333adcc3b35.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.sbin/slowcgi/slowcgi.c b/usr.sbin/slowcgi/slowcgi.c
index 24468a8c561..5bf8eb61767 100644
--- a/usr.sbin/slowcgi/slowcgi.c
+++ b/usr.sbin/slowcgi/slowcgi.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: slowcgi.c,v 1.46 2015/11/05 19:14:56 florian Exp $ */
+/*	$OpenBSD: slowcgi.c,v 1.47 2015/11/05 19:15:22 florian Exp $ */
 /*
  * Copyright (c) 2013 David Gwynne <dlg@openbsd.org>
  * Copyright (c) 2013 Florian Obser <florian@openbsd.org>
@@ -336,6 +336,9 @@ main(int argc, char *argv[])
 	    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
 		lerr(1, "unable to revoke privs");
 
+	if (pledge("stdio rpath unix proc exec", NULL) == -1)
+		lerr(1, "pledge");
+
 	SLIST_INIT(&slowcgi_proc.requests);
 	event_init();
 
@@ -883,6 +886,8 @@ exec_cgi(struct request *c)
 		return;
 	case 0:
 		/* Child process */
+		if (pledge("stdio rpath exec", NULL) == -1)
+			lerr(1, "pledge");
 		close(s_in[0]);
 		close(s_out[0]);
 		close(s_err[0]);
author	florian <florian@openbsd.org>	2015-11-05 19:15:22 +0000
committer	florian <florian@openbsd.org>	2015-11-05 19:15:22 +0000
commit	1bfdb2601aeb205d39a0b51665a9a333adcc3b35 (patch)
tree	734dc74dc1967a6ef4f9d83d42c2496785570a19
parent	re-shuffle slowcgi_listen to run less code as root. (diff)
download	wireguard-openbsd-1bfdb2601aeb205d39a0b51665a9a333adcc3b35.tar.xz wireguard-openbsd-1bfdb2601aeb205d39a0b51665a9a333adcc3b35.zip