When inetd listens on a unix domain socket AND at least one process
connects to that socket, then when inetd shuts down it tries to
unlink the socket and aborts because it lacks pledge("cpath").

Repro steps:
# echo '/tmp/test.sock stream unix nowait nobody /usr/bin/true true' >>inetd.conf
# /usr/sbin/inetd
# nc -U /tmp/test.sock
# date && pkill inetd
# tail /var/log/messages

Index: inetd.c
===================================================================
RCS file: /cvs/src/usr.sbin/inetd/inetd.c,v
retrieving revision 1.154
diff -u -p -r1.154 inetd.c
--- inetd.c     25 Aug 2016 05:23:19 -0000      1.154
+++ inetd.c     4 Oct 2017 00:05:53 -0000
@@ -1763,8 +1763,13 @@ spawn(int ctrl, short events, void *xsep
                return;
        }
 
-       if (pledge("stdio rpath getpw inet proc exec id", NULL) == -1)
-               err(1, "pledge");
+       if (sep->se_family == AF_UNIX) {
+               if (pledge("stdio rpath cpath getpw inet proc exec id", NULL) 
== -1)
+                       err(1, "pledge");
+       } else {
+               if (pledge("stdio rpath getpw inet proc exec id", NULL) == -1)
+                       err(1, "pledge");
+       }
 
        if (pid && sep->se_wait) {
                sep->se_wait = pid;
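Review bot: Choosing the promise set from `sep->se_family` of the service being spawned makes the process's pledge depend on which service happens to receive the first connection. pledge(2) only lets promises be reduced, so if a non-AF_UNIX service is hit first the `else` branch drops `cpath`; a later AF_UNIX connection then asks for `cpath` again, which should fail with EPERM and end inetd through `err(1, "pledge")`, and the shutdown unlink described in the report would still abort. Decide the set once from the whole configuration rather than per connection, or, if the broader promise is acceptable, keep a single call `if (pledge("stdio rpath cpath getpw inet proc exec id", NULL) == -1)` with a comment such as `/* cpath: unix-domain sockets are unlinked at shutdown */`. spawn() begins and continues outside the hunk, so whether this call runs in the parent, the child, or both should be confirmed against the full function.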
