Currently when eigrpd(8) shuts down then its unix control socket is being

unlink(2)ed from eigrpe engine process, the problem is that this proc is
chrooted and therefore the socket will never be deleted.
In order to solve it we need to bring control_cleanup() function, which calls
unlink(2), into the main proc which is not chrooted. This is the way it's
already done for several other daemons we have in our base.
Additionally we also need to move the "cpath" pledge(2) promise from the child
process to the main process in order for the latter to be allowed to delete the
socket and while here shuffle the promises into their canonical form.

OK florian@ and benno@

diff --git a/usr.sbin/eigrpd/eigrpd.c b/usr.sbin/eigrpd/eigrpd.c
index 6e5d5dd..8fb673b 100644 (file)
--- a/usr.sbin/eigrpd/eigrpd.c
+++ b/usr.sbin/eigrpd/eigrpd.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: eigrpd.c,v 1.21 2016/09/02 17:59:58 benno Exp $ */
+/*     $OpenBSD: eigrpd.c,v 1.22 2018/08/02 06:28:35 mestre Exp $ */
 
 /*
  * Copyright (c) 2015 Renato Westphal <renato@openbsd.org>
@@ -36,6 +36,7 @@
 #include "eigrpe.h"
 #include "rde.h"
 #include "log.h"
+#include "control.h"
 
 static void             main_sig_handler(int, short, void *);
 static __dead void      usage(void);
@@ -167,6 +168,8 @@ main(int argc, char *argv[])
        else if (eflag)
                eigrpe(debug, global.cmd_opts & EIGRPD_OPT_VERBOSE, sockname);
 
+       global.csock = sockname;
+
        mib[0] = CTL_NET;
        mib[1] = PF_INET;
        mib[2] = IPPROTO_IP;
@@ -268,7 +271,7 @@ main(int argc, char *argv[])
            eigrpd_conf->rdomain) == -1)
                fatalx("kr_init failed");
 
-       if (pledge("inet rpath stdio sendfd", NULL) == -1)
+       if (pledge("inet rpath cpath stdio sendfd", NULL) == -1)
                fatal("pledge");
 
        event_dispatch();
@@ -290,6 +293,7 @@ eigrpd_shutdown(void)
        msgbuf_clear(&iev_rde->ibuf.w);
        close(iev_rde->ibuf.fd);
 
+       control_cleanup(global.csock);
        kr_shutdown();
        config_clear(eigrpd_conf);
 

diff --git a/usr.sbin/eigrpd/eigrpe.c b/usr.sbin/eigrpd/eigrpe.c
index 5daba29..afe92e6 100644 (file)
--- a/usr.sbin/eigrpd/eigrpe.c
+++ b/usr.sbin/eigrpd/eigrpe.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: eigrpe.c,v 1.34 2016/09/02 17:59:58 benno Exp $ */
+/*     $OpenBSD: eigrpe.c,v 1.35 2018/08/02 06:28:35 mestre Exp $ */
 
 /*
  * Copyright (c) 2015 Renato Westphal <renato@openbsd.org>
@@ -133,7 +133,7 @@ eigrpe(int debug, int verbose, char *sockname)
            setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
                fatal("can't drop privileges");
 
-       if (pledge("stdio cpath inet mcast recvfd", NULL) == -1)
+       if (pledge("stdio inet mcast recvfd", NULL) == -1)
                fatal("pledge");
 
        event_init();
@@ -187,7 +187,6 @@ eigrpe_shutdown(void)
        msgbuf_clear(&iev_main->ibuf.w);
        close(iev_main->ibuf.fd);
 
-       control_cleanup(global.csock);
        config_clear(econf);
 
        event_del(&ev4);