Revert back previous commit, we have decided that socket files don't cause any

harm if not deleted after the daemon is shutdown and at the same time we also
tackle another attack surface by not allowing the program to create/delete
any more files (by removing "cpath" promise from pledge(2)).

Discussion initiated by a question from deraadt@ OK florian@

diff --git a/usr.sbin/ntpd/control.c b/usr.sbin/ntpd/control.c
index e726b8e..aa3b789 100644 (file)
--- a/usr.sbin/ntpd/control.c
+++ b/usr.sbin/ntpd/control.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: control.c,v 1.12 2017/01/09 14:04:31 krw Exp $ */
+/*     $OpenBSD: control.c,v 1.13 2018/08/04 11:07:14 mestre Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -99,13 +99,6 @@ control_shutdown(int fd)
        close(fd);
 }
 
-void
-control_cleanup(const char *path)
-{
-       if (path)
-               unlink(path);
-}
-
 int
 control_accept(int listenfd)
 {

diff --git a/usr.sbin/ntpd/ntpd.c b/usr.sbin/ntpd/ntpd.c
index aba1322..664fff4 100644 (file)
--- a/usr.sbin/ntpd/ntpd.c
+++ b/usr.sbin/ntpd/ntpd.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ntpd.c,v 1.114 2018/08/02 13:05:34 mestre Exp $ */
+/*     $OpenBSD: ntpd.c,v 1.115 2018/08/04 11:07:14 mestre Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -244,7 +244,7 @@ main(int argc, char *argv[])
         * Constraint processes are forked with certificates in memory,
         * then privdrop into chroot before speaking to the outside world.
         */
-       if (pledge("stdio rpath cpath inet settime proc exec id", NULL) == -1)
+       if (pledge("stdio rpath inet settime proc exec id", NULL) == -1)
                err(1, "pledge");
 
        while (quit == 0) {
@@ -327,7 +327,6 @@ main(int argc, char *argv[])
 
        msgbuf_clear(&ibuf->w);
        free(ibuf);
-       control_cleanup(CTLSOCKET);
        log_info("Terminating");
        return (0);
 }

diff --git a/usr.sbin/ntpd/ntpd.h b/usr.sbin/ntpd/ntpd.h
index 30ef206..deaf2a9 100644 (file)
--- a/usr.sbin/ntpd/ntpd.h
+++ b/usr.sbin/ntpd/ntpd.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ntpd.h,v 1.135 2017/05/30 23:30:48 benno Exp $ */
+/*     $OpenBSD: ntpd.h,v 1.136 2018/08/04 11:07:14 mestre Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -397,7 +397,6 @@ void                        ntp_dns(struct ntpd_conf *, struct passwd *);
 int                     control_init(char *);
 int                     control_listen(int);
 void                    control_shutdown(int);
-void                    control_cleanup(const char *);
 int                     control_accept(int);
 struct ctl_conn                *control_connbyfd(int);
 int                     control_close(int);