From eb073997ed712c65eb5d1d1ce4c43fbc10c97913 Mon Sep 17 00:00:00 2001
From: mestre <mestre@openbsd.org>
Date: Mon, 6 Aug 2018 06:30:06 +0000
Subject: [PATCH] Remove cpath pledge(2) promise. We decided that not deleting
 the unix control sockets cause no harm and this way we close another attack
 surface by not allowing the daemon to create/delete any more files.

OK kn@
---
 sbin/iked/control.c | 15 ++-------------
 sbin/iked/iked.h    |  3 +--
 sbin/iked/proc.c    |  5 +----
 3 files changed, 4 insertions(+), 19 deletions(-)

diff --git a/sbin/iked/control.c b/sbin/iked/control.c
index 6580584e930..67466c6a555 100644
--- a/sbin/iked/control.c
+++ b/sbin/iked/control.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: control.c,v 1.25 2017/01/17 22:10:55 krw Exp $	*/
+/*	$OpenBSD: control.c,v 1.26 2018/08/06 06:30:06 mestre Exp $	*/
 
 /*
  * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -65,10 +65,9 @@ control_run(struct privsep *ps, struct privsep_proc *p, void *arg)
 	/*
 	 * pledge in the control process:
 	 * stdio - for malloc and basic I/O including events.
-	 * cpath - for unlinking the control socket.
 	 * unix - for the control socket.
 	 */
-	if (pledge("stdio cpath unix", NULL) == -1)
+	if (pledge("stdio unix", NULL) == -1)
 		fatal("pledge");
 }
 
@@ -151,16 +150,6 @@ control_listen(struct control_sock *cs)
 	return (0);
 }
 
-void
-control_cleanup(struct control_sock *cs)
-{
-	if (cs->cs_name == NULL)
-		return;
-	event_del(&cs->cs_ev);
-	event_del(&cs->cs_evt);
-	(void)unlink(cs->cs_name);
-}
-
 /* ARGSUSED */
 void
 control_accept(int listenfd, short event, void *arg)
diff --git a/sbin/iked/iked.h b/sbin/iked/iked.h
index 49b7333c7b1..9e2972c6ebf 100644
--- a/sbin/iked/iked.h
+++ b/sbin/iked/iked.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: iked.h,v 1.118 2018/03/16 12:31:09 mpi Exp $	*/
+/*	$OpenBSD: iked.h,v 1.119 2018/08/06 06:30:06 mestre Exp $	*/
 
 /*
  * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -648,7 +648,6 @@ void	 parent_reload(struct iked *, int, const char *);
 pid_t	 control(struct privsep *, struct privsep_proc *);
 int	 control_init(struct privsep *, struct control_sock *);
 int	 control_listen(struct control_sock *);
-void	 control_cleanup(struct control_sock *);
 
 /* config.c */
 struct iked_policy *
diff --git a/sbin/iked/proc.c b/sbin/iked/proc.c
index d23c0bcfc84..1602f0fe275 100644
--- a/sbin/iked/proc.c
+++ b/sbin/iked/proc.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: proc.c,v 1.30 2017/01/09 14:49:21 reyk Exp $	*/
+/*	$OpenBSD: proc.c,v 1.31 2018/08/06 06:30:06 mestre Exp $	*/
 
 /*
  * Copyright (c) 2010 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -291,9 +291,6 @@ proc_shutdown(struct privsep_proc *p)
 {
 	struct privsep	*ps = p->p_ps;
 
-	if (p->p_id == PROC_CONTROL && ps)
-		control_cleanup(&ps->ps_csock);
-
 	if (p->p_shutdown != NULL)
 		(*p->p_shutdown)();
 
-- 
2.20.1