[Midnightbsd-cvs] [MidnightBSD/src] d8db11: prowld: add rc-shim trust checks; fail on invalid ...
Lucas Holt
noreply at github.com
Sun Apr 19 00:19:07 EDT 2026
Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: d8db1177f0692a90f6bd35215104c530f2d81981
https://github.com/MidnightBSD/src/commit/d8db1177f0692a90f6bd35215104c530f2d81981
Author: Lucas Holt <luke at foolishgames.com>
Date: 2026-04-19 (Sun, 19 Apr 2026)
Changed paths:
M sbin/prowld/rcshim.c
M sbin/prowld/socket_activation.c
Log Message:
-----------
prowld: add rc-shim trust checks; fail on invalid inet_pton addresses

rcshim.c: apply the same ownership and writability guards to rc.d
scripts that unit_load_file() applies to native unit files. rc-shims
are executed as root via execve so a non-root-owned or world-writable
script is an arbitrary-code-execution risk. Switch stat(2) to lstat(2)
so symlinks are rejected by the existing S_ISREG test rather than
silently followed. Scripts failing either check are skipped with a
LOG_WARNING identifying the path and the reason.

socket_activation.c: check inet_pton(3) return values for both AF_INET
and AF_INET6 in socket_bind_one(). inet_pton returns 0 for an invalid
address string; ignoring it left the sockaddr zeroed (INADDR_ANY /
in6addr_any) so a typo in the host field silently bound to all interfaces
instead of failing. Return -1 and log LOG_ERR on invalid addresses so
misconfigured loopback-only services get a clean config failure rather
than unintended network exposure.

AI-Assisted-by: Claude Sonnet 4.6