| author | Roy Marples <roy@marples.name> | 2020-05-12 10:26:35 +0100 |
|---|---|---|
| committer | Roy Marples <roy@marples.name> | 2020-05-12 10:26:35 +0100 |
| commit | cf85354d04d98ba2117ac413edd97a46cda05293 (patch) | |
| tree | 5c79c1346f9b7435837be856798f8aa0099be3be /src/privsep-bpf.c | |
| parent | 123d78292563042e643024fc9abf154d631b0cad (diff) | |
| download | dhcpcd-cf85354d04d98ba2117ac413edd97a46cda05293.tar.xz | |
privsep: Handle all file IO in the Priviledged Actioneer
This allows us to move the database directory back into the
root of the filesystem.
While here, harden the files by denying any user read access to them.
As part of this change, init the DUID from any machine data and
cache the default DHCP vendor field before dropping privileges as we
may lose access to this later.
Diffstat (limited to 'src/privsep-bpf.c')
| -rw-r--r-- | src/privsep-bpf.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/privsep-bpf.c b/src/privsep-bpf.c
index fd76576c..8326425d 100644
--- a/src/privsep-bpf.c
+++ b/src/privsep-bpf.c
@@ -91,7 +91,7 @@ ps_bpf_recvbpf(void *arg)
 #ifdef ARP
 static ssize_t
-ps_bpf_arp_addr(uint8_t cmd, struct ps_process *psp, struct msghdr *msg)
+ps_bpf_arp_addr(uint16_t cmd, struct ps_process *psp, struct msghdr *msg)
 {
 struct interface *ifp = &psp->psp_ifp;
 struct iovec *iov = msg->msg_iov;
@@ -197,7 +197,7 @@ ps_bpf_signal_bpfcb(int sig, void *arg)
 ssize_t
 ps_bpf_cmd(struct dhcpcd_ctx *ctx, struct ps_msghdr *psm, struct msghdr *msg)
 {
- uint8_t cmd;
+ uint16_t cmd;
 struct ps_process *psp;
 pid_t start;
 struct iovec *iov = msg->msg_iov;
@@ -205,7 +205,7 @@ ps_bpf_cmd(struct dhcpcd_ctx *ctx, struct ps_msghdr *psm, struct msghdr *msg)
 struct ipv4_state *istate;
 unsigned int flags = PSF_DROPPRIVS | PSF_CAP_ENTER;
- cmd = (uint8_t)(psm->ps_cmd & ~(PS_START | PS_STOP));
+ cmd = (uint16_t)(psm->ps_cmd & ~(PS_START | PS_STOP));
 psp = ps_findprocess(ctx, &psm->ps_id);
 #ifdef PRIVSEP_DEBUG
@@ -261,7 +261,7 @@ ps_bpf_cmd(struct dhcpcd_ctx *ctx, struct ps_msghdr *psm, struct msghdr *msg)
 * Pledge is currently useless for BPF ARP because we cannot
 * change the filter:
 * http://openbsd-archive.7691.n7.nabble.com/ \
- * pledge-bpf-32bit-arch-unbreak-td299901.html
+ * pledge-bpf-32bit-arch-unbreak-td299901.html
 */
 break;
 #endif
@@ -321,7 +321,7 @@ ps_bpf_dispatch(struct dhcpcd_ctx *ctx,
 }
 static ssize_t
-ps_bpf_send(const struct interface *ifp, uint8_t cmd,
+ps_bpf_send(const struct interface *ifp, uint16_t cmd,
 const void *data, size_t len)
 {
 struct dhcpcd_ctx *ctx = ifp->ctx; |
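Review bot: The command width is now written as `uint16_t` in four separate places (the `cmd` parameter of `ps_bpf_arp_addr` and of `ps_bpf_send`, the `cmd` local in `ps_bpf_cmd`, and the cast on `psm->ps_cmd & ~(PS_START | PS_STOP)`), and nothing ties it to the declared type of `ps_cmd`, which this diff does not show. Because the explicit cast suppresses conversion warnings, any later widening of `ps_cmd` would truncate silently again, and two distinct privsep commands could then compare equal after masking in the process that acts on them. I would document the dependency at the cast with `/* cmd must be as wide as ps_msghdr.ps_cmd; this cast hides truncation */`, or, if the project can rely on C11, enforce it with `_Static_assert(sizeof(cmd) == sizeof(psm->ps_cmd), "cmd must match ps_cmd width");`. All three function bodies continue outside their hunks, so other uses of `cmd` were not checked.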
