[Midnightbsd-cvs] [MidnightBSD/src] 1abbea: prowld: fix privilege drop errors, dir perms, env ...
Lucas Holt
noreply at github.com
Sat Apr 18 12:11:21 EDT 2026
Branch: refs/heads/feature/prowl
Home: https://github.com/MidnightBSD/src
Commit: 1abbeabf819ecb03aa59f8cd6ddf2fb55a27517e
https://github.com/MidnightBSD/src/commit/1abbeabf819ecb03aa59f8cd6ddf2fb55a27517e
Author: Lucas Holt <luke at foolishgames.com>
Date: 2026-04-18 (Sat, 18 Apr 2026)
Changed paths:
M sbin/prowlctl/prowlctl.c
M sbin/prowld/prowld.c
M sbin/prowld/prowld.h
M sbin/prowld/supervisor.c
M sbin/prowld/unit.c
Log Message:
-----------
prowld: fix privilege drop errors, dir perms, env validation, MSG_MAX doc
supervisor.c:
- Check return values of setgroups(2), setgid(2), setuid(2) in
  drop_privileges() and call _exit(1) on failure, logging via
  syslog(3) (async-signal-safe). Previously a failed privilege
  drop allowed the child to continue with elevated permissions.

prowld.c:
- Give PROWLD_NOTIFY_DIR and PROWLD_MASK_DIR mode 0700 (root-only).
  These dirs hold readiness-notification pipes and mask symlinks
  that must not be writable or searchable by unprivileged users.
  PROWLD_RUN_DIR stays 0755 (world-searchable for socket access)
  and PROWLD_DB_DIR stays 0755 (world-readable for tooling).

unit.c:
- Add env_key_valid(): reject environment keys that are empty or
  contain characters outside [A-Za-z0-9_], preventing embedding of
  NUL bytes or shell metacharacters into the process environment.
- Expand envbuf to PROWL_PATH_MAX and check snprintf return value;
  skip and warn if key+value would be truncated.

prowlctl.c:
- Document that MSG_MAX must match IPC_MSG_MAX in prowld.h to keep
  protocol framing bounds consistent.

prowld.h:
- Add comment mandating write->fsync->rename atomic-write pattern
  for all future persistent state files (timer state etc.).
AI-Assisted-by: Claude Sonnet 4.6
Signed-off-by: Lucas Holt <luke at foolishgames.com>