Blob

Date:
Message:
rework the daemon to do fork+exec It uses the 'common' proc.c from various OpenBSD-daemons. gmid grew organically bit by bit and it was also the first place where I tried to implement privsep. It wasn't done very well, in fact the parent process (that retains root privileges) just fork()s a generation of servers, all sharing *exactly* the same address space. No good! Now, we fork() and re-exec() ourselves, so that each process has a fresh address space. Some features (require client ca for example) are temporarly disabled, will be fixed in subsequent commits. The "ge" program is also temporarly disabled as it needs tweaks to do privsep too.
Actions:
History | Blame | Raw File
1 /*

2  * Copyright (c) 2021 Omar Polo <op@omarpolo.com>

3  *

4  * Permission to use, copy, modify, and distribute this software for any

5  * purpose with or without fee is hereby granted, provided that the above

6  * copyright notice and this permission notice appear in all copies.

7  *

8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

15  */

17 #include "gmid.h"

18 #include "log.h"

20 #if defined(__OpenBSD__)

22 #include <unistd.h>

24 void

25 sandbox_main_process(void)

26 {

27 	if (pledge("stdio rpath inet dns sendfd proc", NULL) == -1)

28 		fatal("pledge");

29 }

31 void

32 sandbox_server_process(void)

33 {

34 	struct vhost	*h;

35 	struct location	*l;

37 	TAILQ_FOREACH(h, &hosts, vhosts) {

38 		TAILQ_FOREACH(l, &h->locations, locations) {

39 			if (*l->dir == '\0')

40 				continue;

42 			if (unveil(l->dir, "rw") == -1)

43 				fatal("unveil %s for domain %s",

44 				    l->dir,

45 				    h->domain);

46 		}

47 	}

49 	if (pledge("stdio recvfd rpath unix inet dns", NULL) == -1)

50 		fatal("pledge");

51 }

53 void

54 sandbox_logger_process(void)

55 {

56 	if (pledge("stdio recvfd", NULL) == -1)

57 		fatal("pledge");

58 }

60 #else

62 #warning "No sandbox method known for this OS"

64 void

65 sandbox_server_process(void)

66 {

67 	return;

68 }

70 void

71 sandbox_logger_process(void)

72 {

73 	return;

74 }

76 #endif