diff options
| author | bluhm <> | 2020-01-06 19:39:58 +0000 |
|---|---|---|
| committer | bluhm <> | 2020-01-06 19:39:58 +0000 |
| commit | 2742398e709c477a05b8c4178bcb8f68184c4699 (patch) | |
| tree | 5f09a446d819371fe2dc2406649ac244fa876de1 /src/usr.bin/nc | |
| parent | e0ad16109c712249c045cc92577b17fba4169ab7 (diff) | |
| download | openbsd-2742398e709c477a05b8c4178bcb8f68184c4699.tar.gz openbsd-2742398e709c477a05b8c4178bcb8f68184c4699.tar.bz2 openbsd-2742398e709c477a05b8c4178bcb8f68184c4699.zip | |
The unveil(2) for nc -U -u -l was wrong. The server cannot unveil
the file system as it has to connect to the UNIX domain client
socket. The path of the latter is determined dynamically. Instead
add a restrictive pledge(2) after connect(2).
OK tb@
Diffstat (limited to 'src/usr.bin/nc')
| -rw-r--r-- | src/usr.bin/nc/netcat.c | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/src/usr.bin/nc/netcat.c b/src/usr.bin/nc/netcat.c index 4ff935c58e..a9e2910089 100644 --- a/src/usr.bin/nc/netcat.c +++ b/src/usr.bin/nc/netcat.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: netcat.c,v 1.213 2020/01/06 15:19:12 bluhm Exp $ */ | 1 | /* $OpenBSD: netcat.c,v 1.214 2020/01/06 19:39:58 bluhm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2001 Eric Jackson <ericj@monkey.org> | 3 | * Copyright (c) 2001 Eric Jackson <ericj@monkey.org> |
| 4 | * Copyright (c) 2015 Bob Beck. All rights reserved. | 4 | * Copyright (c) 2015 Bob Beck. All rights reserved. |
| @@ -371,13 +371,24 @@ main(int argc, char *argv[]) | |||
| 371 | err(1, "unveil"); | 371 | err(1, "unveil"); |
| 372 | if (oflag && unveil(oflag, "r") == -1) | 372 | if (oflag && unveil(oflag, "r") == -1) |
| 373 | err(1, "unveil"); | 373 | err(1, "unveil"); |
| 374 | } else if (family == AF_UNIX && uflag && lflag && !kflag) { | ||
| 375 | /* | ||
| 376 | * After recvfrom(2) from client, the server connects | ||
| 377 | * to the client socket. As the client path is determined | ||
| 378 | * during runtime, we cannot unveil(2). | ||
| 379 | */ | ||
| 374 | } else { | 380 | } else { |
| 375 | if (family == AF_UNIX) { | 381 | if (family == AF_UNIX) { |
| 376 | if (unveil(host, "rwc") == -1) | 382 | if (unveil(host, "rwc") == -1) |
| 377 | err(1, "unveil"); | 383 | err(1, "unveil"); |
| 378 | if (uflag && !lflag) { | 384 | if (uflag && !kflag) { |
| 379 | if (unveil(sflag ? sflag : "/tmp", "rwc") == -1) | 385 | if (sflag) { |
| 380 | err(1, "unveil"); | 386 | if (unveil(sflag, "rwc") == -1) |
| 387 | err(1, "unveil"); | ||
| 388 | } else { | ||
| 389 | if (unveil("/tmp", "rwc") == -1) | ||
| 390 | err(1, "unveil"); | ||
| 391 | } | ||
| 381 | } | 392 | } |
| 382 | } else { | 393 | } else { |
| 383 | /* no filesystem visibility */ | 394 | /* no filesystem visibility */ |
| @@ -569,6 +580,10 @@ main(int argc, char *argv[]) | |||
| 569 | if (s == -1) | 580 | if (s == -1) |
| 570 | err(1, NULL); | 581 | err(1, NULL); |
| 571 | if (uflag && kflag) { | 582 | if (uflag && kflag) { |
| 583 | if (family == AF_UNIX) { | ||
| 584 | if (pledge("stdio unix", NULL) == -1) | ||
| 585 | err(1, "pledge"); | ||
| 586 | } | ||
| 572 | /* | 587 | /* |
| 573 | * For UDP and -k, don't connect the socket, | 588 | * For UDP and -k, don't connect the socket, |
| 574 | * let it receive datagrams from multiple | 589 | * let it receive datagrams from multiple |
| @@ -595,6 +610,10 @@ main(int argc, char *argv[]) | |||
| 595 | if (rv == -1) | 610 | if (rv == -1) |
| 596 | err(1, "connect"); | 611 | err(1, "connect"); |
| 597 | 612 | ||
| 613 | if (family == AF_UNIX) { | ||
| 614 | if (pledge("stdio unix", NULL) == -1) | ||
| 615 | err(1, "pledge"); | ||
| 616 | } | ||
| 598 | if (vflag) | 617 | if (vflag) |
| 599 | report_sock("Connection received", | 618 | report_sock("Connection received", |
| 600 | (struct sockaddr *)&z, len, | 619 | (struct sockaddr *)&z, len, |