diff options
| author | Roy Marples <roy@marples.name> | 2020-05-19 16:19:05 +0100 |
|---|---|---|
| committer | Roy Marples <roy@marples.name> | 2020-05-19 16:19:05 +0100 |
| commit | c5445ce8235c153f4f184067ef58249f598d8629 (patch) | |
| tree | b16a5c64baf8b7e6ecfcf1f09cf38d13aa68ff09 /src/if.c | |
| parent | d2fec927e001f2430bb8d5127403968f23b9c316 (diff) | |
| download | dhcpcd-c5445ce8235c153f4f184067ef58249f598d8629.tar.xz | |
privsep: Enable Capsicum for all processes.
Except for the priviledged process.
This is quite an in-depth change:
* ARP is now one process per address
* BPF flags are now returned via privsep
* BPF write filters are locked when supported
* The root process sends to the network
The last step is done by opening RAW sockets and then sending a UDP
header (where applicable) to avoid binding to an address
which is already in use by the reader sockets.
This is slightly wasteful for OS's without sandboxing but does
have the very nice side effect of not needing a source address
to unicast DHCPs replies from which makes the code smaller.
Diffstat (limited to 'src/if.c')
| -rw-r--r-- | src/if.c | 9 |
1 files changed, 1 insertions, 8 deletions
@@ -394,7 +394,7 @@ if_discover(struct dhcpcd_ctx *ctx, struct ifaddrs **ifaddrs, } TAILQ_INIT(ifs); -#ifdef HAVE_CAPSICUM +#if defined(PRIVSEP) && defined(HAVE_CAPSICUM) if (ctx->options & DHCPCD_PRIVSEP) { if (ps_root_getifaddrs(ctx, ifaddrs) == -1) { logerr("ps_root_getifaddrs"); @@ -911,13 +911,6 @@ xsocket(int domain, int type, int protocol) goto out; #endif -#ifdef SO_RERROR - /* Tell recvmsg(2) to return ENOBUFS if the receiving socket overflows. */ - on = 1; - if (setsockopt(s, SOL_SOCKET, SO_RERROR, &on, sizeof(on)) == -1) - logerr("%s: SO_RERROR", __func__); -#endif - return s; #if !defined(HAVE_SOCK_CLOEXEC) || !defined(HAVE_SOCK_NONBLOCK) |