After #1175 removed ioctl(2) fallback code shelling out to ifconfig(8),
there is no code left (compiled on OpenBSD) that would fork(2) or
execve(2).
Drop the ability to run any executable file to double down on this, thus
reducing the attack surface of this experimental, internet-facing
daemon running as root.
pledge(2) is doable, but needs more polish.
unveil(2), however, is as simple as it gets.
On other systems, this code is a NOOP, but can still help to implement
similar safety belts.
- Use unambiguous variable names (w/o package name conflict).
- Fail on invalid input such as the empty string or `:`.
- Do not change group without user, i.e. fail on `:group`.
- Parse input using mnemonic APIs.
- Do not juggle between integer types.
- Unset supplementary groups.
- Use set[ug]id(2) to follow the idiom of OpenBSD base programs.
(cannot use setres[ug]id(2) as macOS does not have them.)
Includes/Supersedes #1202.
Fixes #927.
I only tested on OpenBSD (so far), but other systems should just work.
Changing the real and effective user/group IDs and the saved
set-user/group-ID is not enough to get rid of initial access permissions.
The list of groups must be cleared also, otherwise a process changing
from, e.g. `root:root` to `nobody:nobody` retains rights to access
`:wheel` files (assuming `root` is a member of the `wheel` group).
For example:
```
# id
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)
# ./yggdrasil -autoconf -logto /dev/null -user nobody &
[1] 4337
# ps -o command,user,group,supgrp -U nobody
COMMAND USER GROUP SUPGRP
./yggdrasil -aut nobody nobody wheel,kmem,sys,tty,operator,staff,guest
```
Fix that so the process runs as mere
```
COMMAND USER GROUP SUPGRP
./yggdrasil -aut nobody nobody nobody
```
Fixes #927.
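The input rules listed earlier (fail on the empty string, `:` and `:group`) and the drop order this commit message describes, as an added Go example that is not part of the commit or the project's own code. The names `parseSpec` and `dropTo` are hypothetical, and rejecting a trailing `user:` is an assumption of the example.

```go
package main

import (
	"fmt"
	"os/user"
	"strconv"
	"strings"
	"syscall"
)

// parseSpec splits "user[:group]"; "", ":" and ":group" fail (so does "user:", an assumption here).
func parseSpec(spec string) (string, string, error) {
	name, group, hasGroup := strings.Cut(spec, ":")
	if name == "" || (hasGroup && group == "") {
		return "", "", fmt.Errorf("invalid user[:group] %q", spec)
	}
	return name, group, nil
}

// dropTo resets supplementary groups, then sets gid, then uid: after setuid(2) the groups can no longer be changed.
func dropTo(spec string) error {
	name, group, err := parseSpec(spec)
	if err != nil {
		return err
	}
	u, err := user.Lookup(name)
	if err != nil {
		return err
	}
	g := &user.Group{Gid: u.Gid} // no group given: the user's primary group
	if group != "" {
		if g, err = user.LookupGroup(group); err != nil {
			return err
		}
	}
	uid, errU := strconv.Atoi(u.Uid)
	gid, errG := strconv.Atoi(g.Gid)
	if errU != nil || errG != nil {
		return fmt.Errorf("non-numeric uid/gid for %q", spec)
	}
	if err := syscall.Setgroups([]int{gid}); err != nil {
		return fmt.Errorf("setgroups: %w", err)
	}
	if err := syscall.Setgid(gid); err != nil {
		return fmt.Errorf("setgid: %w", err)
	}
	return syscall.Setuid(uid)
}

func main() { fmt.Println(parseSpec("nobody:nobody")) } // constructed input; parses only, drops nothing
```

After a successful `dropTo` as root, the `ps -o command,user,group,supgrp` check shown above should list only the target group under SUPGRP.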
Different from
https://github.com/yggdrasil-network/yggdrasil-go/pull/817 in that it
can resolve user names, automatically use the user's primary gid & allows
specifying the gid in the same argument, with `:`, e.g. `username:groupname`.
Feel free to criticize & suggest a different argument name & description
because I didn't put much thought into that.
---------
Co-authored-by: Neil <git@neilalexander.dev>
Co-authored-by: VNAT <xepjk@protonmail.com>
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
This PR updates Ironwood to include the new RTT-based link costing and
updates `yggdrasilctl` to report the cost in `getPeers`.
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
* Update Debian package
* Don't put `AdminListen` in config by default, fix path in Debian package
* Fix path in unit file
* Preserve original service files for other packages
---------
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
This change is to display information about the key generation process.
Specifically, two bits of information are now displayed:
* The number of threads created to search for keys, and
* The time taken to generate a successful "next best" key
It is expected that a syslog implementation, be it rsyslog or journald,
has its own timestamping, so there's no point in duplicating that
info.
Signed-off-by: Oleksandr Natalenko <oleksandr@natalenko.name>
* Allow setting link priorities
* Fix a bug
* Allow setting priority on listeners and multicast interfaces
* Update `yggdrasilctl`
* Update to Arceliar/ironwood#5
This refactors the request parsing, as well as improving the output for some request types. It also tweaks `yggdrasilctl` output, which should help with #947.
* Link refactoring
* More refactoring
* More tweaking
* Cleaner shutdowns, UNIX socket support, more tweaks
* Actorise links, remove mutex
* SOCKS support