diff options
| author |   henning <henning@openbsd.org> | 2018-12-07 12:52:47 +0000 |
|---|---|---|
| committer | henning <henning@openbsd.org> | 2018-12-07 12:52:47 +0000 |
| commit | f4e4fe3a80b4f1400614ec2a47927d6354d0f682 (patch) | |
| tree | cc40cc8dfe182c93055b7ca8089c8263fcc9a655 /usr.sbin/dhcpd | |
| parent | Remove public resolver IP addresses, just provide a neutral "documentation (diff) | |
| download | wireguard-openbsd-f4e4fe3a80b4f1400614ec2a47927d6354d0f682.tar.xz wireguard-openbsd-f4e4fe3a80b4f1400614ec2a47927d6354d0f682.zip | |
I noticed the "pf table handler" process not going away on dhcpd restart,
looked at the error handling here, and.... oh my.
If opening /dev/pf on startup fails, don't just warn and move on, but bail.
If chroot (or the chdir after) fail, don't just warn and move on, bail.
If dropping privileges fails, the last thing we want to do is to just move
on with root privs, having warned or not.
If the pipe to the parent process is closed, that almost certainly means
that the parent process went away, and it absolutely certainly means that
the table handler process has no meaningful reason to exist any more, thus
bail.
ok florian ccardenas krw
Diffstat (limited to 'usr.sbin/dhcpd')
| -rw-r--r-- | usr.sbin/dhcpd/pfutils.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/usr.sbin/dhcpd/pfutils.c b/usr.sbin/dhcpd/pfutils.c index 6f661f7d8a4..091f372d5f5 100644 --- a/usr.sbin/dhcpd/pfutils.c +++ b/usr.sbin/dhcpd/pfutils.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfutils.c,v 1.18 2017/02/13 23:04:05 krw Exp $ */ +/* $OpenBSD: pfutils.c,v 1.19 2018/12/07 12:52:47 henning Exp $ */ /* * Copyright (c) 2006 Chris Kuethe <ckuethe@openbsd.org> * @@ -53,15 +53,15 @@ pftable_handler() int l, r, fd, nfds; if ((fd = open(_PATH_DEV_PF, O_RDWR|O_NOFOLLOW, 0660)) == -1) - log_warn("can't open pf device"); + fatal("can't open pf device"); if (chroot(_PATH_VAREMPTY) == -1) - log_warn("chroot %s", _PATH_VAREMPTY); + fatal("chroot %s", _PATH_VAREMPTY); if (chdir("/") == -1) - log_warn("chdir(\"/\")"); + fatal("chdir(\"/\")"); if (setgroups(1, &pw->pw_gid) || setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) - log_warn("can't drop privileges"); + fatal("can't drop privileges"); setproctitle("pf table handler"); l = sizeof(struct pf_cmd); @@ -74,14 +74,14 @@ pftable_handler() log_warn("poll"); if (nfds > 0 && (pfd[0].revents & POLLHUP)) - log_warnx("pf pipe closed"); + fatalx("pf pipe closed"); if (nfds > 0 && (pfd[0].revents & POLLIN)) { memset(&cmd, 0, l); r = atomicio(read, pfpipe[0], &cmd, l); if (r != l) - log_warn("pf pipe error"); + fatalx("pf pipe error"); switch (cmd.type) { case 'A': |