Add pledge support under OpenBSD.

All worker processes will now call pledge(2) after dropping privileges (even if -rn was specified). By default Kore will use the following promises: "stdio rpath inet error" If your application requires more privileges, you can add more pledges by setting them in your configuration using the 'pledge' directive: pledge dns wpath
2018-07-31 06:51:34 +02:00 · 2018-07-31 06:51:34 +02:00 · a927acb7ee
parent 69922598e7
commit a927acb7ee
4 changed files with 58 additions and 0 deletions
--- a/include/kore/kore.h
+++ b/include/kore/kore.h
@ -60,6 +60,10 @@ extern int daemon(int, int);
 #endif
 #endif

+#if defined(__OpenBSD__)
+#define KORE_USE_PLATFORM_PLEDGE	1
+#endif
+
 #define KORE_RESULT_ERROR	0
 #define KORE_RESULT_OK		1
 #define KORE_RESULT_RETRY	2
@ -562,6 +566,11 @@ void		kore_platform_worker_setcpu(struct kore_worker *);
 int		kore_platform_sendfile(struct connection *, struct netbuf *);
 #endif

+#if defined(KORE_USE_PLATFORM_PLEDGE)
+void		kore_platform_pledge(void);
+void		kore_platform_add_pledge(const char *);
+#endif
+
 void		kore_accesslog_init(void);
 void		kore_accesslog_worker_init(void);
 int		kore_accesslog_write(const void *, u_int32_t);
--- a/src/bsd.c
+++ b/src/bsd.c
@ -41,6 +41,10 @@ static int			kfd = -1;
 static struct kevent		*events = NULL;
 static u_int32_t		event_count = 0;

+#if defined(KORE_USE_PLATFORM_PLEDGE)
+static char	pledges[256] = { "stdio rpath inet error" };
+#endif
+
 void
 kore_platform_init(void)
 {
@ -320,3 +324,26 @@ kore_platform_sendfile(struct connection *c, struct netbuf *nb)
 	return (KORE_RESULT_OK);
 }
 #endif
+
+#if defined(KORE_USE_PLATFORM_PLEDGE)
+void
+kore_platform_pledge(void)
+{
+	if (pledge(pledges, NULL) == -1)
+		fatal("failed to pledge process");
+}
+
+void
+kore_platform_add_pledge(const char *pledge)
+{
+	size_t		len;
+
+	len = strlcat(pledges, " ", sizeof(pledges));
+	if (len >= sizeof(pledges))
+		fatal("truncation on pledges");
+
+	len = strlcat(pledges, pledge, sizeof(pledges));
+	if (len >= sizeof(pledges))
+		fatal("truncation on pledges (%s)", pledge);
+}
+#endif
--- a/src/config.c
+++ b/src/config.c
@ -63,6 +63,10 @@ static int		configure_accept_threshold(char *);
 static int		configure_set_affinity(char *);
 static int		configure_socket_backlog(char *);

+#if defined(KORE_USE_PLATFORM_PLEDGE)
+static int		configure_add_pledge(char *);
+#endif
+
 #if !defined(KORE_NO_TLS)
 static int		configure_rand_file(char *);
 static int		configure_certfile(char *);
@ -142,6 +146,9 @@ static struct {
 	{ "worker_set_affinity",	configure_set_affinity },
 	{ "pidfile",			configure_pidfile },
 	{ "socket_backlog",		configure_socket_backlog },
+#if defined(KORE_USE_PLATFORM_PLEDGE)
+	{ "pledge",			configure_add_pledge },
+#endif
 #if !defined(KORE_NO_TLS)
 	{ "tls_version",		configure_tls_version },
 	{ "tls_cipher",			configure_tls_cipher },
@ -1378,3 +1385,13 @@ configure_python_import(char *module)
 	return (KORE_RESULT_OK);
 }
 #endif
+
+#if defined(KORE_USE_PLATFORM_PLEDGE)
+static int
+configure_add_pledge(char *pledge)
+{
+	kore_platform_add_pledge(pledge);
+
+	return (KORE_RESULT_OK);
+}
+#endif
--- a/src/worker.c
+++ b/src/worker.c
@ -281,6 +281,11 @@ kore_worker_privdrop(const char *runas, const char *root)
 #endif
 			fatal("cannot drop privileges");
 	}
+
+#if defined(KORE_USE_PLATFORM_PLEDGE)
+	kore_platform_pledge();
+#endif
+
 }

 void