commit a927acb7ee9cf05b9c3a945a3d2f4604e325e958
parent 69922598e7f2dcb4ee86dff3bbc08720a0360e94
Author: Joris Vink <joris@coders.se>
Date: Tue, 31 Jul 2018 06:51:34 +0200
Add pledge support under OpenBSD.
All worker processes will now call pledge(2) after dropping
privileges (even if -rn was specified).
By default Kore will use the following promises:
"stdio rpath inet error"
If your application requires more privileges, you can add more pledges
by setting them in your configuration using the 'pledge' directive:
pledge dns wpath
Diffstat:
4 files changed, 58 insertions(+), 0 deletions(-)
diff --git a/include/kore/kore.h b/include/kore/kore.h
@@ -60,6 +60,10 @@ extern int daemon(int, int);
#endif
#endif
+#if defined(__OpenBSD__)
+#define KORE_USE_PLATFORM_PLEDGE 1
+#endif
+
#define KORE_RESULT_ERROR 0
#define KORE_RESULT_OK 1
#define KORE_RESULT_RETRY 2
@@ -562,6 +566,11 @@ void kore_platform_worker_setcpu(struct kore_worker *);
int kore_platform_sendfile(struct connection *, struct netbuf *);
#endif
+#if defined(KORE_USE_PLATFORM_PLEDGE)
+void kore_platform_pledge(void);
+void kore_platform_add_pledge(const char *);
+#endif
+
void kore_accesslog_init(void);
void kore_accesslog_worker_init(void);
int kore_accesslog_write(const void *, u_int32_t);
diff --git a/src/bsd.c b/src/bsd.c
@@ -41,6 +41,10 @@ static int kfd = -1;
static struct kevent *events = NULL;
static u_int32_t event_count = 0;
+#if defined(KORE_USE_PLATFORM_PLEDGE)
+static char pledges[256] = { "stdio rpath inet error" };
+#endif
+
void
kore_platform_init(void)
{
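Review bot: The default promise string in `pledges` includes `error`, which per pledge(2) makes a violation return ENOSYS instead of killing the process, so a worker that steps outside its promises keeps running and produces no abort for an operator to notice. If that is deliberate, it deserves a comment above the array, for example `/* "error": violations return ENOSYS instead of aborting the worker */`. Otherwise consider a default of `"stdio rpath inet"` and let configurations opt in to `error`. The code in this commit can only append to the defaults, so a deployment has no way to drop a promise it does not need.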
@@ -320,3 +324,26 @@ kore_platform_sendfile(struct connection *c, struct netbuf *nb)
return (KORE_RESULT_OK);
}
#endif
+
+#if defined(KORE_USE_PLATFORM_PLEDGE)
+void
+kore_platform_pledge(void)
+{
+ if (pledge(pledges, NULL) == -1)
+ fatal("failed to pledge process");
+}
+
+void
+kore_platform_add_pledge(const char *pledge)
+{
+ size_t len;
+
+ len = strlcat(pledges, " ", sizeof(pledges));
+ if (len >= sizeof(pledges))
+ fatal("truncation on pledges");
+
+ len = strlcat(pledges, pledge, sizeof(pledges));
+ if (len >= sizeof(pledges))
+ fatal("truncation on pledges (%s)", pledge);
+}
+#endif
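Review bot: `fatal("failed to pledge process")` in kore_platform_pledge() discards errno and the promise string, so a worker that dies because the 'pledge' directive contained an invalid keyword (EINVAL from pledge(2)) gives the operator nothing to act on. Something like `fatal("failed to pledge process (%s): %s", pledges, strerror(errno));` would make the misconfiguration diagnosable, assuming <errno.h> is already included in bsd.c. As a style point, the parameter of kore_platform_add_pledge() is named `pledge`, which shadows pledge(2) inside that function; `promise` would read better and keeps -Wshadow quiet.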
diff --git a/src/config.c b/src/config.c
@@ -63,6 +63,10 @@ static int configure_accept_threshold(char *);
static int configure_set_affinity(char *);
static int configure_socket_backlog(char *);
+#if defined(KORE_USE_PLATFORM_PLEDGE)
+static int configure_add_pledge(char *);
+#endif
+
#if !defined(KORE_NO_TLS)
static int configure_rand_file(char *);
static int configure_certfile(char *);
@@ -142,6 +146,9 @@ static struct {
{ "worker_set_affinity", configure_set_affinity },
{ "pidfile", configure_pidfile },
{ "socket_backlog", configure_socket_backlog },
+#if defined(KORE_USE_PLATFORM_PLEDGE)
+ { "pledge", configure_add_pledge },
+#endif
#if !defined(KORE_NO_TLS)
{ "tls_version", configure_tls_version },
{ "tls_cipher", configure_tls_cipher },
@@ -1378,3 +1385,13 @@ configure_python_import(char *module)
return (KORE_RESULT_OK);
}
#endif
+
+#if defined(KORE_USE_PLATFORM_PLEDGE)
+static int
+configure_add_pledge(char *pledge)
+{
+ kore_platform_add_pledge(pledge);
+
+ return (KORE_RESULT_OK);
+}
+#endif
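Review bot: configure_add_pledge() returns KORE_RESULT_OK for any string, so a misspelled or empty promise is not rejected when the configuration is parsed and only surfaces later, when a worker calls pledge(2) and hits fatal(). A short comment would record that, e.g. `/* appended verbatim; only pledge(2) at worker start validates the keywords */`. Since the directive can only widen the sandbox, it would also help to log the final promise string once at startup so anyone auditing a deployment can see which extra promises were granted.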
diff --git a/src/worker.c b/src/worker.c
@@ -281,6 +281,11 @@ kore_worker_privdrop(const char *runas, const char *root)
#endif
fatal("cannot drop privileges");
}
+
+#if defined(KORE_USE_PLATFORM_PLEDGE)
+ kore_platform_pledge();
+#endif
+
}
void
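Review bot: The call to kore_platform_pledge() is the last statement of kore_worker_privdrop(), but nothing in the hunk says why it has to stay there. A comment such as `/* must stay last: the privilege-dropping calls above are presumably not permitted under the default promises */` would keep a later edit from moving it ahead of them. Everything that runs in the process after this point has to fit inside the configured promises, which is worth stating where the 'pledge' directive is documented. The added blank line before the closing brace can be dropped. The function body starts outside the hunk, so the placement relative to the earlier calls is inferred from the commit message.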