From eea063d2bd2142b90b55603a38bc5656ba13d7ec Mon Sep 17 00:00:00 2001
From: mestre
Date: Sun, 5 Aug 2018 08:16:24 +0000
Subject: [PATCH] Remove cpath pledge(2) promise. We decided that not deleting the unix control sockets cause no harm and this way we close another attack surface by not allowing the daemon to create/delete any more files. OK akoshibe@ florian@
---
 usr.sbin/switchd/control.c | 15 ++-------------
 usr.sbin/switchd/proc.c | 5 +----
 usr.sbin/switchd/proc.h | 3 +--
 3 files changed, 4 insertions(+), 19 deletions(-)
diff --git a/usr.sbin/switchd/control.c b/usr.sbin/switchd/control.c
index 9cc78fb3745..1d12bcaa09c 100644
--- a/usr.sbin/switchd/control.c
+++ b/usr.sbin/switchd/control.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: control.c,v 1.8 2017/01/17 22:10:56 krw Exp $ */
+/* $OpenBSD: control.c,v 1.9 2018/08/05 08:16:24 mestre Exp $ */
 
 /*
 * Copyright (c) 2010-2016 Reyk Floeter
@@ -70,11 +70,10 @@ control_run(struct privsep *ps, struct privsep_proc *p, void *arg)
 /*
 * pledge in the control process:
 * stdio - for malloc and basic I/O including events.
- * cpath - for managing the control socket.
 * unix - for the control socket.
 * recvfd - for the proc fd exchange.
 */
- if (pledge("stdio cpath unix recvfd", NULL) == -1)
+ if (pledge("stdio unix recvfd", NULL) == -1)
 fatal("pledge");
 }
 
@@ -196,16 +195,6 @@ control_listen(struct control_sock *cs)
 return (0);
 }
 
-void
-control_cleanup(struct control_sock *cs)
-{
- if (cs->cs_name == NULL)
- return;
- event_del(&cs->cs_ev);
- event_del(&cs->cs_evt);
- (void)unlink(cs->cs_name);
-}
-
 /* ARGSUSED */
 void
 control_accept(int listenfd, short event, void *arg)
diff --git a/usr.sbin/switchd/proc.c b/usr.sbin/switchd/proc.c
index 94ee34bfe9f..6a69d458fa6 100644
--- a/usr.sbin/switchd/proc.c
+++ b/usr.sbin/switchd/proc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: proc.c,v 1.12 2017/05/29 12:56:26 benno Exp $ */
+/* $OpenBSD: proc.c,v 1.13 2018/08/05 08:16:24 mestre Exp $ */
 
 /*
 * Copyright (c) 2010 - 2016 Reyk Floeter
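Review bot: In control_run() (usr.sbin/switchd/control.c, hunk at -70,11) the pledge comment lists only the promises that remain, so nothing in the code records that `cpath` was dropped on purpose and that the control socket is now left on disk at exit. I would add a line to that comment, for example ` * No cpath: the control socket is deliberately not unlinked on shutdown.`, so the promise is not re-added later together with an unlink(2). Because control_cleanup() is removed in the same commit, a stale socket path will exist at the next start; control_init() is not shown here, so it is worth confirming that it removes or replaces an existing path before bind(2), outside the pledged control process. control_run()'s body starts outside the hunk.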
@@ -475,9 +475,6 @@ proc_shutdown(struct privsep_proc *p)
 {
 struct privsep *ps = p->p_ps;
 
- if (p->p_id == PROC_CONTROL && ps)
- control_cleanup(&ps->ps_csock);
-
 if (p->p_shutdown != NULL)
 (*p->p_shutdown)();
 
diff --git a/usr.sbin/switchd/proc.h b/usr.sbin/switchd/proc.h
index f219d1c379d..db857b68107 100644
--- a/usr.sbin/switchd/proc.h
+++ b/usr.sbin/switchd/proc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: proc.h,v 1.6 2017/01/09 14:49:22 reyk Exp $ */
+/* $OpenBSD: proc.h,v 1.7 2018/08/05 08:16:24 mestre Exp $ */
 
 /*
 * Copyright (c) 2010-2015 Reyk Floeter
@@ -160,7 +160,6 @@ int proc_flush_imsg(struct privsep *, enum privsep_procid, int); /* control.c */ int control_init(struct privsep *, struct control_sock *); int control_listen(struct control_sock *); -void control_cleanup(struct control_sock *); struct ctl_conn *control_connbyfd(int); void control(struct privsep *, struct privsep_proc *);
-- 
2.20.1