socket.c
/* $Id$ */ | /* $Id$ */ | ||||
/* | /* | ||||
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> | * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> | ||||
* | * | ||||
* Permission to use, copy, modify, and distribute this software for any | * Permission to use, copy, modify, and distribute this software for any | ||||
* purpose with or without fee is hereby granted, provided that the above | * purpose with or without fee is hereby granted, provided that the above | ||||
* copyright notice and this permission notice appear in all copies. | * copyright notice and this permission notice appear in all copies. | ||||
* | * | ||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||||
*/ | */ | ||||
#include <sys/capsicum.h> | |||||
#include <sys/queue.h> | #include <sys/queue.h> | ||||
#include <sys/stat.h> | #include <sys/stat.h> | ||||
#include <sys/socket.h> | #include <sys/socket.h> | ||||
#include <arpa/inet.h> | #include <arpa/inet.h> | ||||
#include <netinet/in.h> | #include <netinet/in.h> | ||||
#include <assert.h> | #include <assert.h> | ||||
#include <ctype.h> | #include <ctype.h> | ||||
▲ Show 20 Lines • Show All 237 Lines • ▼ Show 20 Lines | rsync_socket(const struct opts *opts, const struct fargs *f) | ||||
/* Resolve all IP addresses from the host. */ | /* Resolve all IP addresses from the host. */ | ||||
if ((src = inet_resolve(&sess, f->host, &srcsz)) == NULL) { | if ((src = inet_resolve(&sess, f->host, &srcsz)) == NULL) { | ||||
ERRX1(&sess, "inet_resolve"); | ERRX1(&sess, "inet_resolve"); | ||||
free(args); | free(args); | ||||
return 0; | return 0; | ||||
} | } | ||||
/* Drop the DNS pledge. */ | |||||
if (pledge("stdio unix rpath wpath cpath dpath fattr chown getpw inet unveil", NULL) == -1) { | |||||
ERR(&sess, "pledge"); | |||||
goto out; | |||||
} | |||||
/* | /* | ||||
* Iterate over all addresses, trying to connect. | * Iterate over all addresses, trying to connect. | ||||
* When we succeed, then continue using the connected socket. | * When we succeed, then continue using the connected socket. | ||||
*/ | */ | ||||
assert(srcsz); | assert(srcsz); | ||||
for (i = 0; i < srcsz; i++) { | for (i = 0; i < srcsz; i++) { | ||||
c = inet_connect(&sess, &sd, &src[i], f->host); | c = inet_connect(&sess, &sd, &src[i], f->host); | ||||
if (c < 0) { | if (c < 0) { | ||||
ERRX1(&sess, "inet_connect"); | ERRX1(&sess, "inet_connect"); | ||||
goto out; | goto out; | ||||
} else if (c > 0) | } else if (c > 0) | ||||
break; | break; | ||||
} | } | ||||
/* Drop the inet pledge. */ | if (cap_enter() < 0 && errno != ENOSYS) { | ||||
if (pledge("stdio unix rpath wpath cpath dpath fattr chown getpw unveil", NULL) == -1) { | ERRX(&sess, "cap_enter"); | ||||
cem: Seems like we could enter sandbox slightly earlier with `CAP_CONNECT` on the socket? May not… | |||||
emaste: as earlier, `caph_enter`; also we should leave this as `ERR()` not `ERRX()` — the errno is valid and useful information.
ERR(&sess, "pledge"); | |||||
goto out; | goto out; | ||||
} | } | ||||
if (i == srcsz) { | if (i == srcsz) { | ||||
ERRX(&sess, "cannot connect to host: %s", f->host); | ERRX(&sess, "cannot connect to host: %s", f->host); | ||||
goto out; | goto out; | ||||
} | } | ||||
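Review bot: The `errno != ENOSYS` clause on the `cap_enter()` line lets a kernel without Capsicum fall straight through, so the transfer then runs with no sandbox at all and nothing is logged, whereas the pledge() call it replaces failed hard in that situation. If running unsandboxed is acceptable, give the ENOSYS case its own branch that emits a warning (whatever the file provides next to ERR/ERRX for that) rather than folding it into the success path, so an operator can tell from the log which mode they got. Separately, cap_enter() only closes the global namespace; the connected socket `sd` keeps all its rights, and socket() remains permitted in capability mode with fresh sockets carrying full rights, so this hunk does not reproduce the removed "drop the inet pledge" step — a `cap_rights_limit(sd, cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_EVENT))` before entering capability mode would narrow what the connected descriptor can do, with the exact rights set depending on how `sd` is used later, outside this hunk. rsync_socket begins before and continues past this hunk.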
Seems like we could enter sandbox slightly earlier with CAP_CONNECT on the socket? May not matter too much.