From 13184223e44845b185350ba7e15c3cc24a89fd78 Mon Sep 17 00:00:00 2001 From: mestre Date: Sun, 5 Aug 2018 08:20:54 +0000 Subject: [PATCH] Remove cpath pledge(2) promise. We decided that not deleting the unix control sockets cause no harm and this way we close another attack surface by not allowing the daemon to create/delete any more files. OK florian@ --- usr.sbin/vmd/control.c | 14 ++------------ usr.sbin/vmd/proc.c | 5 +---- usr.sbin/vmd/proc.h | 8 +------- 3 files changed, 4 insertions(+), 23 deletions(-) diff --git a/usr.sbin/vmd/control.c b/usr.sbin/vmd/control.c index 9d2ec09e20e..2d3f0b804ec 100644 --- a/usr.sbin/vmd/control.c +++ b/usr.sbin/vmd/control.c @@ -1,4 +1,4 @@ -/* $OpenBSD: control.c,v 1.28 2018/07/13 08:42:49 reyk Exp $ */ +/* $OpenBSD: control.c,v 1.29 2018/08/05 08:20:54 mestre Exp $ */ /* * Copyright (c) 2010-2015 Reyk Floeter @@ -67,12 +67,11 @@ control_run(struct privsep *ps, struct privsep_proc *p, void *arg) /* * pledge in the control process: * stdio - for malloc and basic I/O including events. - * cpath - for managing the control socket. * unix - for the control socket. * recvfd - for the proc fd exchange. * sendfd - for send and receive. */ - if (pledge("stdio cpath unix recvfd sendfd", NULL) == -1) + if (pledge("stdio unix recvfd sendfd", NULL) == -1) fatal("pledge"); } @@ -205,15 +204,6 @@ control_listen(struct control_sock *cs) return (0); } -void -control_cleanup(struct control_sock *cs) -{ - if (cs->cs_name == NULL) - return; - event_del(&cs->cs_ev); - event_del(&cs->cs_evt); -} - /* ARGSUSED */ void control_accept(int listenfd, short event, void *arg) diff --git a/usr.sbin/vmd/proc.c b/usr.sbin/vmd/proc.c index 5443bdb9262..b37036908cd 100644 --- a/usr.sbin/vmd/proc.c +++ b/usr.sbin/vmd/proc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: proc.c,v 1.16 2017/11/04 07:40:31 mlarkin Exp $ */ +/* $OpenBSD: proc.c,v 1.17 2018/08/05 08:20:54 mestre Exp $ */ /* * Copyright (c) 2010 - 2016 Reyk Floeter @@ -475,9 +475,6 @@ proc_shutdown(struct privsep_proc *p) { struct privsep *ps = p->p_ps; - if (p->p_id == PROC_CONTROL && ps) - control_cleanup(&ps->ps_csock); - if (p->p_shutdown != NULL) (*p->p_shutdown)(); diff --git a/usr.sbin/vmd/proc.h b/usr.sbin/vmd/proc.h index f0e4704aefb..01361076f54 100644 --- a/usr.sbin/vmd/proc.h +++ b/usr.sbin/vmd/proc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: proc.h,v 1.14 2018/07/15 14:36:54 reyk Exp $ */ +/* $OpenBSD: proc.h,v 1.15 2018/08/05 08:20:54 mestre Exp $ */ /* * Copyright (c) 2010-2015 Reyk Floeter @@ -69,11 +69,6 @@ struct control_sock { }; TAILQ_HEAD(control_socks, control_sock); -struct { - struct event ev; - int fd; -} control_state; - struct ctl_conn { TAILQ_ENTRY(ctl_conn) entry; uint8_t flags; @@ -197,7 +192,6 @@ void control(struct privsep *, struct privsep_proc *); int control_init(struct privsep *, struct control_sock *); int control_reset(struct control_sock *); int control_listen(struct control_sock *); -void control_cleanup(struct control_sock *); /* log.c */ void log_init(int, int); -- 2.20.1