diff options
author | mestre <mestre@openbsd.org> | 2018-10-25 06:42:35 +0000 |
---|---|---|
committer | mestre <mestre@openbsd.org> | 2018-10-25 06:42:35 +0000 |
commit | 800fd717b9e008c067e3c37eb1dcfc2cb098d902 (patch) | |
tree | 619d20f3a9f2381e20469c8e25bead81a003dd8d /libexec/spamd | |
parent | The only file that spamlogd(8) needs to access after calling pledge(2) is (diff) | |
download | wireguard-openbsd-800fd717b9e008c067e3c37eb1dcfc2cb098d902.tar.xz wireguard-openbsd-800fd717b9e008c067e3c37eb1dcfc2cb098d902.zip |
When spamd(8) runs in greylist mode in the parent process (which runs
greywatcher()) we know that the only files that it will ever access are
PATH_SPAMD_DB in rw mode, alloweddomains_file in r and that it will need to
execute PATH_PFCTL so we can unveil(2) them with those permissions.
OK deraadt@ millert@ beck@
Diffstat (limited to 'libexec/spamd')
-rw-r--r-- | libexec/spamd/grey.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/libexec/spamd/grey.c b/libexec/spamd/grey.c index c75d0dad2f5..582e9a34587 100644 --- a/libexec/spamd/grey.c +++ b/libexec/spamd/grey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: grey.c,v 1.65 2017/10/18 17:31:01 millert Exp $ */ +/* $OpenBSD: grey.c,v 1.66 2018/10/25 06:42:35 mestre Exp $ */ /* * Copyright (c) 2004-2006 Bob Beck. All rights reserved. @@ -1078,6 +1078,18 @@ greywatcher(void) drop_privs(); + if (unveil(PATH_SPAMD_DB, "rw") == -1) { + syslog_r(LOG_ERR, &sdata, "unveil failed (%m)"); + exit(1); + } + if (unveil(alloweddomains_file, "r") == -1) { + syslog_r(LOG_ERR, &sdata, "unveil failed (%m)"); + exit(1); + } + if (unveil(PATH_PFCTL, "x") == -1) { + syslog_r(LOG_ERR, &sdata, "unveil failed (%m)"); + exit(1); + } if (pledge("stdio rpath wpath inet flock proc exec", NULL) == -1) { syslog_r(LOG_ERR, &sdata, "pledge failed (%m)"); exit(1); |