path: root/src/privsep-bsd.c
Commit message (Author, Age)
* A belated welcome to 2021 (Roy Marples, 2021-01-31)
* FreeBSD: Anticipate SIOCGIFDATA not working in Capsicum (Roy Marples, 2020-09-24)
* BSD: NetBSD is the odd man out with SIOCGIFDATA (Roy Marples, 2020-09-24)
  So set up the #defines like so. On OpenBSD, pledge blocks it and there is no escape. Luckily we already allow indirect ioctls via privsep so it works fine.
* privsep: Remove pledges inet and dns from the master process (Roy Marples, 2020-06-05)
  Achieved by adding IPC to ignore interface names based on the interface group. This means every process just pledges stdio for IPC with the exception of the master process which also pledges route so it can access the routing table.
* privsep: Fix returning indirect ioctl data (Roy Marples, 2020-06-04)
* Fix prior for BSD (Roy Marples, 2020-05-24)
* privsep: Allow Linux to work without needing any mounts (Roy Marples, 2020-05-24)
* privsep: Filter ioctls to a known list. (Roy Marples, 2020-05-20)
  In case the master process is broken into.
* privsep: Move defines around (Roy Marples, 2020-05-13)
* privsep: Handle all file IO in the Privileged Actioneer (Roy Marples, 2020-05-12)
  This allows us to move the database directory back into the root of the filesystem. While here, harden the files by denying any user read access to them. As part of this change, init the DUID from any machine data and cache the default DHCP vendor field before dropping privileges as we may lose access to this later.
* privsep: Implement pledge(2) support as found on OpenBSD (Roy Marples, 2020-05-10)
* privsep: Add function for indirect ioctl (Roy Marples, 2020-05-10)
* privsep: Copy back ioctl data (Roy Marples, 2020-05-10)
* spelling: Correct both privilege and separation (Roy Marples, 2020-02-10)
  Found by Arfrever.
* Style (Roy Marples, 2020-02-04)
* Implement Anonymity Profiles for DHCP Clients, RFC 7844 (Roy Marples, 2020-01-15)
  This works by randomising the hardware address when carrier is down and using this to construct a DUID LL which is used over any saved DUID. IAID is defaulted to zero and hostname + FQDN are disabled. Then every possible option is masked out except for essential ones. It's possible to request options *after* anonymous option which will enable it. This is RFC compliant and allows 100% flexibility in letting the user decide what, if any, details leak out. This is disabled by default. Only works on NetBSD, other OS coming shortly.
* Welcome to 2020! (Roy Marples, 2020-01-03)
* privsep: Expect errors from ioctl so don't log them. (Roy Marples, 2019-11-28)
  The dhcpcd state engine will.
* privsep: Add support for privilege separation (Roy Marples, 2019-11-28)
  Not enabled by default - enable with ./configure --enable-privsep
  Requires a user added to the system - default _dhcpcd

  Several processes will be spawned off the main state engine: a privileged actioneer and a generic network proxy. Only the privileged actioneer process will retain root permissions.

  When required, the privileged actioneer will also spawn BPF listeners for BOOTP (DHCP) and ARP. The BOOTP BPF listener should be a short lived process. On kernels with RFC 5227 support, the ARP BPF listener will only be used for ARPing and announcing a preferred address and will also be a short lived process.

  When not running in master mode, an address listener will be spawned for each address (with the exception of RA derived addresses) dhcpcd cares about.

  TODO:
  * Solaris support.
  * ARP BPF address filtering.