From: dv <dv@openbsd.org>
Date: Thu, 30 Dec 2021 20:38:43 +0000 (+0000)
Subject: relayd(8): don't create sockets between CAs and RELAYs.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=b27c3a9c3f12d6a577e562b7402e353a60819873;p=openbsd

relayd(8): don't create sockets between CAs and RELAYs.

CA and RELAY process types don't need to communicate with other CA
or RELAY processes respectively, so don't create and distribute ipc
socketpairs.

Tested by and ok denis@
---

diff --git a/usr.sbin/relayd/proc.c b/usr.sbin/relayd/proc.c
index 1b26a5ed466..1407f58fee6 100644
--- a/usr.sbin/relayd/proc.c
+++ b/usr.sbin/relayd/proc.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: proc.c,v 1.41 2021/04/20 21:11:56 dv Exp $	*/
+/*	$OpenBSD: proc.c,v 1.42 2021/12/30 20:38:43 dv Exp $	*/
 
 /*
  * Copyright (c) 2010 - 2016 Reyk Floeter <reyk@openbsd.org>
@@ -419,6 +419,11 @@ proc_open(struct privsep *ps, int src, int dst)
 			if (src == dst && i == j)
 				continue;
 
+			/* No need for CA to CA or RELAY to RELAY sockets. */
+			if ((src == PROC_CA && dst == PROC_CA) ||
+			    (src == PROC_RELAY && dst == PROC_RELAY))
+				continue;
+
 			pa = &ps->ps_pipes[src][i];
 			pb = &ps->ps_pipes[dst][j];
 			if (socketpair(AF_UNIX,