Commit Diff
Diff:
4bfa2822462090be189a01c9a4f0476f04961e72
d43e0b23190a4b1b2fcf074f9522986498a23a3c
Commit:
d43e0b23190a4b1b2fcf074f9522986498a23a3c
Tree:
8c94b7e3fd6382fcc59fe71d6f116fed4e3fc0e9
Author:
pjp <pjp@delphinusdns.org>
Committer:
pjp <pjp@delphinusdns.org>
Date:
Sat Jul 11 20:43:18 2020 UTC
Message:
minherit() protect the forward shared memory segments childs of some childs. This would be the parser sandboxes mainly. We added some offsets in struct cfg which we scramble with arc4random() after so that potential hackers don't have these sizes served on a silver platter. From the minherit(2) manpage: MAP_INHERIT_NONE Pages are not mapped in the child process. I hope this makes it a bit safer. I also had to change the execution of some forks().
blob - 0a260facbed7194329a37a3655e8d6967b1156ad
blob + bd5466e25112751f4d5ba05a45ec08c456002bbd
--- ddd-db.h
+++ ddd-db.h
@@ -27,7 +27,7 @@
*/
/*
- * $Id: ddd-db.h,v 1.41 2020/07/10 10:42:27 pjp Exp $
+ * $Id: ddd-db.h,v 1.42 2020/07/11 20:43:18 pjp Exp $
*/
#ifndef _DB_H
@@ -360,8 +360,11 @@ struct cfg {
int nth;
pid_t pid;
char *shptr; /* shared memory 1 */
+ size_t shptrsize;
char *shptr2; /* shared memory 2 */
+ size_t shptr2size;
char *shptr3; /* shared memory 3 */
+ size_t shptr3size;
ddDB *db; /* database */
};
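Review bot: The three new size fields carry no comment, unlike the pointers next to them, and delphinusdnsd.c later overwrites them with arc4random() output. A reader of this header therefore cannot tell that they stop being valid lengths once minherit() has run. I would document that on each field, e.g. `size_t shptrsize; /* length of shptr mapping; scrambled after minherit() */`, and likewise for shptr2size and shptr3size. struct cfg begins outside this hunk.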
blob - 776ac50dae0cb5c39fa393c40c3daf55ef0e7310
blob + bf52d2c03a5848c2956ab7a79897122fa154749b
--- delphinusdnsd.c
+++ delphinusdnsd.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: delphinusdnsd.c,v 1.120 2020/07/11 15:11:41 pjp Exp $
+ * $Id: delphinusdnsd.c,v 1.121 2020/07/11 20:43:18 pjp Exp $
*/
@@ -1089,6 +1089,7 @@ main(int argc, char *argv[], char *environ[])
}
cfg->shptr = shptr;
+ cfg->shptrsize = shsize;
shsize = 16 + (SHAREDMEMSIZE * sizeof(struct rr_imsg));
@@ -1106,6 +1107,7 @@ main(int argc, char *argv[], char *environ[])
}
cfg->shptr2 = shptr;
+ cfg->shptr2size = shsize;
shsize = 16 + (SHAREDMEMSIZE3 * sizeof(struct fwdpq));
@@ -1123,6 +1125,7 @@ main(int argc, char *argv[], char *environ[])
}
cfg->shptr3 = shptr;
+ cfg->shptr3size = shsize;
switch (pid = fork()) {
case -1:
@@ -1175,6 +1178,13 @@ main(int argc, char *argv[], char *environ[])
cfg->sockcount = i;
cfg->db = db;
+ /* shptr has no business in parse process */
+ minherit(cfg->shptr, cfg->shptrsize,
+ MAP_INHERIT_NONE);
+ cfg->shptrsize = arc4random();
+ cfg->shptr2size = arc4random();
+ cfg->shptr3size = arc4random();
+
setproctitle("FORWARD engine");
forwardloop(db, cfg, ibuf, &cortex_ibuf);
/* NOTREACHED */
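Review bot: Only shptr is marked MAP_INHERIT_NONE in this branch, yet all three size fields are overwritten. That leaves shptr2 and shptr3 inheritable by any process the FORWARD engine forks later, while the lengths needed to mark them afterwards are gone. If those two segments are deliberately left mapped, the comment should say so, e.g. `/* shptr2/shptr3 stay mapped: <reason> */`; otherwise add the two missing minherit() calls ahead of the scramble. The scramble itself hides little, since the lengths come from compile-time constants (`16 + (SHAREDMEMSIZE * sizeof(struct rr_imsg))` in an earlier hunk) and the pointers stay in cfg. main() continues outside the hunk.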
@@ -1619,7 +1629,59 @@ mainloop(struct cfg *cfg, struct imsgbuf *ibuf)
ssize_t n, datalen;
int ix;
+ pid = fork();
+ switch (pid) {
+ case -1:
+ dolog(LOG_ERR, "fork(): %s\n", strerror(errno));
+ exit(1);
+ case 0:
+ for (i = 0; i < cfg->sockcount; i++) {
+ close(cfg->udp[i]);
+ if (axfrport && axfrport != port)
+ close(cfg->axfr[i]);
+ }
+ tcp_ibuf = register_cortex(ibuf, MY_IMSG_TCP);
+ if (tcp_ibuf == NULL) {
+ ddd_shutdown();
+ exit(1);
+ }
+ /* shptr has no business in a tcp parse process */
+ if (forward) {
+ minherit(cfg->shptr, cfg->shptrsize,
+ MAP_INHERIT_NONE);
+ minherit(cfg->shptr2, cfg->shptr2size,
+ MAP_INHERIT_NONE);
+ minherit(cfg->shptr3, cfg->shptr3size,
+ MAP_INHERIT_NONE);
+ cfg->shptrsize = arc4random();
+ cfg->shptr2size = arc4random();
+ cfg->shptr3size = arc4random();
+ }
+ setproctitle("TCP engine %d", cfg->pid);
+ tcploop(cfg, tcp_ibuf, ibuf);
+ /* NOTREACHED */
+ exit(1);
+ default:
+ for (i = 0; i < cfg->sockcount; i++) {
+ close(cfg->tcp[i]);
+ }
+ break;
+ }
+
+ /* shptr has no business in a udp parse process */
+ if (forward) {
+ minherit(cfg->shptr, cfg->shptrsize,
+ MAP_INHERIT_NONE);
+ minherit(cfg->shptr2, cfg->shptr2size,
+ MAP_INHERIT_NONE);
+ minherit(cfg->shptr3, cfg->shptr3size,
+ MAP_INHERIT_NONE);
+ cfg->shptrsize = arc4random();
+ cfg->shptr2size = arc4random();
+ cfg->shptr3size = arc4random();
+ }
+
sforward = (struct sforward *)calloc(1, sizeof(struct sforward));
if (sforward == NULL) {
dolog(LOG_ERR, "calloc: %s\n", strerror(errno));
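Review bot: The same minherit()/scramble block appears twice in this hunk, once in the TCP child and once on the parent path, and none of the six minherit() calls has its return value checked. The single call in the FORWARD engine hunk of main() has the same gap. If a call fails, the segment stays inheritable and the process carries on as though it were protected. I would move the block into one static helper that logs and exits on failure, following the fork() error handling already in this function, and call it from both places under `if (forward)`. The helper must still run before the later fork in mainloop(), because minherit() only affects children created after it. mainloop() starts and ends outside this hunk.

```c
/*
 * Stop the forward shared memory segments from being mapped into any
 * child forked after this call.  Must run before the parse fork.
 */
static void
shm_noinherit(struct cfg *cfg)
{
	if (minherit(cfg->shptr, cfg->shptrsize, MAP_INHERIT_NONE) == -1 ||
	    minherit(cfg->shptr2, cfg->shptr2size, MAP_INHERIT_NONE) == -1 ||
	    minherit(cfg->shptr3, cfg->shptr3size, MAP_INHERIT_NONE) == -1) {
		dolog(LOG_ERR, "minherit: %s\n", strerror(errno));
		exit(1);
	}

	cfg->shptrsize = arc4random();
	cfg->shptr2size = arc4random();
	cfg->shptr3size = arc4random();
}

	/* … unchanged: TCP engine fork, descriptor cleanup, register_cortex() … */
		if (forward)
			shm_noinherit(cfg);
	/* … unchanged: tcploop() call, parent closes cfg->tcp[i] … */
	if (forward)
		shm_noinherit(cfg);
```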
@@ -1652,11 +1714,9 @@ mainloop(struct cfg *cfg, struct imsgbuf *ibuf)
dolog(LOG_ERR, "fork(): %s\n", strerror(errno));
exit(1);
case 0:
+ /* close udp decriptors */
for (i = 0; i < cfg->sockcount; i++) {
close(cfg->udp[i]);
- close(cfg->tcp[i]);
- if (axfrport && axfrport != port)
- close(cfg->axfr[i]);
}
close(ibuf->fd);
close(udp_ibuf->fd);
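Review bot: This child no longer closes cfg->axfr[i] now that the three lines are removed, and nothing visible in the parent closes those descriptors before this fork. The `default:` branch of the relocated TCP fork only closes cfg->tcp[i]. Unless they are closed outside the hunks shown, the process forked here keeps the AXFR sockets open whenever axfrport differs from port, which is more than it held before this commit. Keeping `if (axfrport && axfrport != port) close(cfg->axfr[i]);` inside the loop would restore the previous descriptor set. The new comment also misspells `descriptors`, and the case body continues past the hunk.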
@@ -1673,34 +1733,6 @@ mainloop(struct cfg *cfg, struct imsgbuf *ibuf)
break;
}
- pid = fork();
- switch (pid) {
- case -1:
- dolog(LOG_ERR, "fork(): %s\n", strerror(errno));
- exit(1);
- case 0:
- for (i = 0; i < cfg->sockcount; i++) {
- close(cfg->udp[i]);
- if (axfrport && axfrport != port)
- close(cfg->axfr[i]);
- }
- tcp_ibuf = register_cortex(ibuf, MY_IMSG_TCP);
- if (tcp_ibuf == NULL) {
- ddd_shutdown();
- exit(1);
- }
- close(udp_ibuf->fd);
- close(pibuf->fd);
- setproctitle("TCP engine %d", cfg->pid);
- tcploop(cfg, tcp_ibuf, ibuf);
- /* NOTREACHED */
- exit(1);
- default:
- for (i = 0; i < cfg->sockcount; i++) {
- close(cfg->tcp[i]);
- }
- break;
- }
#if __OpenBSD__