diff options
| author | Roy Marples <roy@marples.name> | 2020-06-05 14:12:23 +0100 |
|---|---|---|
| committer | Roy Marples <roy@marples.name> | 2020-06-05 14:12:23 +0100 |
| commit | 59c952ac3db05d7ec0a8c275b3163fde32a7fade (patch) | |
| tree | ec2da8c54d57a45b555cd0d0ed5c5c7485676ed3 | |
| parent | bbc8b10a5aa9e0f8d72be2a103619a1aeb0bb933 (diff) | |
| download | dhcpcd-59c952ac3db05d7ec0a8c275b3163fde32a7fade.tar.xz | |
Linux: make resource limits work by using getifaddrs over privsep
| -rw-r--r-- | src/if.c | 2 | ||||
| -rw-r--r-- | src/privsep-root.c | 16 | ||||
| -rw-r--r-- | src/privsep-root.h | 6 | ||||
| -rw-r--r-- | src/privsep.c | 8 |
4 files changed, 21 insertions, 11 deletions
@@ -403,7 +403,7 @@ if_discover(struct dhcpcd_ctx *ctx, struct ifaddrs **ifaddrs, } TAILQ_INIT(ifs); -#if defined(PRIVSEP) && defined(HAVE_CAPSICUM) +#ifdef PRIVSEP_GETIFADDRS if (ctx->options & DHCPCD_PRIVSEP) { if (ps_root_getifaddrs(ctx, ifaddrs) == -1) { logerr("ps_root_getifaddrs"); diff --git a/src/privsep-root.c b/src/privsep-root.c index 512dfcc0..5f5e2861 100644 --- a/src/privsep-root.c +++ b/src/privsep-root.c @@ -132,7 +132,7 @@ ps_root_readerror(struct dhcpcd_ctx *ctx, void *data, size_t len) return psr_ctx.psr_error.psr_result; } -#ifdef HAVE_CAPSICUM +#ifdef PRIVSEP_GETIFADDRS static void ps_root_mreaderrorcb(void *arg) { @@ -351,7 +351,7 @@ ps_root_monordm(uint64_t *rdm, size_t len) } #endif -#ifdef HAVE_CAPSICUM +#ifdef PRIVSEP_GETIFADDRS #define IFA_NADDRS 3 static ssize_t ps_root_dogetifaddrs(void **rdata, size_t *rlen) @@ -564,7 +564,7 @@ ps_root_recvmsgcb(void *arg, struct ps_msghdr *psm, struct msghdr *msg) } break; #endif -#ifdef HAVE_CAPSICUM +#ifdef PRIVSEP_GETIFADDRS case PS_GETIFADDRS: err = ps_root_dogetifaddrs(&rdata, &rlen); free_rdata = true; @@ -889,7 +889,7 @@ ps_root_filemtime(struct dhcpcd_ctx *ctx, const char *file, time_t *time) return ps_root_readerror(ctx, time, sizeof(*time)); } -#ifdef HAVE_CAPSICUM +#ifdef PRIVSEP_GETIFADDRS int ps_root_getifaddrs(struct dhcpcd_ctx *ctx, struct ifaddrs **ifahead) { @@ -916,7 +916,7 @@ ps_root_getifaddrs(struct dhcpcd_ctx *ctx, struct ifaddrs **ifahead) bp = buf; *ifahead = (struct ifaddrs *)(void *)bp; - for (ifa = *ifahead; len != 0; ifa = ifa->ifa_next) { + for (ifa = *ifahead; ifa != NULL; ifa = ifa->ifa_next) { if (len < ALIGN(sizeof(*ifa)) + ALIGN(IFNAMSIZ) + ALIGN(sizeof(salen) * IFA_NADDRS)) goto err; @@ -944,9 +944,11 @@ ps_root_getifaddrs(struct dhcpcd_ctx *ctx, struct ifaddrs **ifahead) COPYOUTSA(ifa->ifa_addr); COPYOUTSA(ifa->ifa_netmask); COPYOUTSA(ifa->ifa_broadaddr); - ifa->ifa_next = (struct ifaddrs *)(void *)bp; + if (len != 0) + ifa->ifa_next = (struct ifaddrs *)(void *)bp; + else + ifa->ifa_next = NULL; } - ifa->ifa_next = NULL; return 0; err: diff --git a/src/privsep-root.h b/src/privsep-root.h index 371431bf..1de284bf 100644 --- a/src/privsep-root.h +++ b/src/privsep-root.h @@ -31,6 +31,10 @@ #include "if.h" +#if defined(PRIVSEP) && (defined(HAVE_CAPSICUM) || defined(__linux__)) +#define PRIVSEP_GETIFADDRS +#endif + pid_t ps_root_start(struct dhcpcd_ctx *ctx); int ps_root_stop(struct dhcpcd_ctx *ctx); @@ -45,7 +49,9 @@ ssize_t ps_root_writefile(struct dhcpcd_ctx *, const char *, mode_t, const void *, size_t); ssize_t ps_root_script(struct dhcpcd_ctx *, const void *, size_t); int ps_root_getauthrdm(struct dhcpcd_ctx *, uint64_t *); +#ifdef PRIVSEP_GETIFADDRS int ps_root_getifaddrs(struct dhcpcd_ctx *, struct ifaddrs **); +#endif ssize_t ps_root_os(struct ps_msghdr *, struct msghdr *, void **, size_t *); #if defined(BSD) || defined(__sun) diff --git a/src/privsep.c b/src/privsep.c index 89017464..271c0c39 100644 --- a/src/privsep.c +++ b/src/privsep.c @@ -113,7 +113,7 @@ int ps_dropprivs(struct dhcpcd_ctx *ctx) { struct passwd *pw = ctx->ps_user; -#if !defined(HAVE_PLEDGE) && !defined(__linux__) +#if !defined(HAVE_PLEDGE) struct rlimit rzero = { .rlim_cur = 0, .rlim_max = 0 }; #endif @@ -132,16 +132,18 @@ ps_dropprivs(struct dhcpcd_ctx *ctx) return -1; } -#if defined(HAVE_PLEDGE) || defined(__linux__) +#if defined(HAVE_PLEDGE) /* None of these resource limits work with pledge. */ #else +#ifndef __linux__ /* breaks ppoll */ /* Prohibit new files, sockets, etc */ if (setrlimit(RLIMIT_NOFILE, &rzero) == -1) { logerr("setrlimit RLIMIT_NOFILE"); return -1; } +#endif -#ifndef HAVE_CAPSICUM /* Seems to break our IPC. */ +#ifndef HAVE_CAPSICUM /* breaks sending over our IPC */ /* Prohibit large files */ if (setrlimit(RLIMIT_FSIZE, &rzero) == -1) { logerr("setrlimit RLIMIT_FSIZE"); |