i'm not sure that pledge there is correct.

spawn() gets called from gettcp() which gets called from the main event
loop, and directly from the event loop.

The pledge here might be a convenient place to reduce pledges after the
initialization phase?

It takes away the "cpath dns unix" pledges. Now, cpath is still needed
later, as you discovered. "dns" maybe too, as getnameinfo() is called in
gettcp().

So either your diff is correct, or we should only take away "unix" here.

CC theo and jca as they did the original pledge here.

Anthony Coulter([email protected]) on 2017.10.03 20:10:41 -0400:
> When inetd listens on a unix domain socket AND at least one process
> connects to that socket, then when inetd shuts down it tries to
> unlink the socket and aborts because it lacks pledge("cpath").
> 
> Repro steps:
> # echo '/tmp/test.sock stream unix nowait nobody /usr/bin/true true' >>inetd.conf
> # /usr/sbin/inetd
> # nc -U /tmp/test.sock
> # date && pkill inetd
> # tail /var/log/messages
> 
> Index: inetd.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/inetd/inetd.c,v
> retrieving revision 1.154
> diff -u -p -r1.154 inetd.c
> --- inetd.c   25 Aug 2016 05:23:19 -0000      1.154
> +++ inetd.c   4 Oct 2017 00:05:53 -0000
> @@ -1763,8 +1763,13 @@ spawn(int ctrl, short events, void *xsep
>               return;
>       }
>  
> -     if (pledge("stdio rpath getpw inet proc exec id", NULL) == -1)
> -             err(1, "pledge");
> +     if (sep->se_family == AF_UNIX) {
> +             if (pledge("stdio rpath cpath getpw inet proc exec id", NULL) 
> == -1)
> +                     err(1, "pledge");
> +     } else {
> +             if (pledge("stdio rpath getpw inet proc exec id", NULL) == -1)
> +                     err(1, "pledge");
> +     }
>  
>       if (pid && sep->se_wait) {
>               sep->se_wait = pid;
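Review bot: the branch on sep->se_family picks the promise string for the service that happens to spawn on this call, but pledge(2) applies to the whole process and can only narrow promises, and spawn() runs per connection; with both a TCP and a unix-domain service configured, a connection to the TCP service first drops "cpath" for good, and the unlink at shutdown fails exactly as before. The decision should be based on whether any configured service is AF_UNIX (or "cpath" kept unconditionally, as the reply above suggests), not on the current sep. As a style point, the two branches differ only in the string: select it into a `const char *` and call `pledge()` and `err()` once.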
> 

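The point raised in this thread, that pledge(2) is process-wide and spawn() runs once per connection, means the promise string has to cover every configured service, not only the one that triggered the call. The following is an added example, not the inetd.c diff above nor OpenBSD's code: it computes the promise string from the address families of the whole service table (a simplified stand-in for inetd's servtab list, which is an assumption) and applies it once, with the pledge() call compiled only on OpenBSD so the logic can be built and checked elsewhere.

```c
/* Added example (not inetd.c): derive the pledge(2) promise string from
 * the whole service table, since pledge applies to the process and
 * promises can only be narrowed, never restored. */
#include <err.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Promise sets taken from the diff in the thread. */
#define PROMISES_BASE   "stdio rpath getpw inet proc exec id"
#define PROMISES_CPATH  "stdio rpath cpath getpw inet proc exec id"

/* Return 1 if any configured service is a unix-domain socket; such a
 * service needs "cpath" later so the socket path can be unlinked at
 * shutdown, which is the failure the thread reports. */
int
table_needs_cpath(const int *families, size_t n)
{
	for (size_t i = 0; i < n; i++)
		if (families[i] == AF_UNIX)
			return 1;
	return 0;
}

/* Select the promise string for the whole table, not for the service
 * whose connection happens to be spawning right now. */
const char *
promises_for(const int *families, size_t n)
{
	return table_needs_cpath(families, n) ? PROMISES_CPATH : PROMISES_BASE;
}

/* Apply the promises once; pledge(2) exists only on OpenBSD, so the call
 * is compiled out elsewhere and the chosen string is just reported. */
int
apply_pledge(const int *families, size_t n)
{
	const char *p = promises_for(families, n);
#if defined(__OpenBSD__)
	if (pledge(p, NULL) == -1)
		err(1, "pledge");
#endif
	printf("pledge(\"%s\")\n", p);
	return 0;
}

int
main(void)
{
	/* Constructed table: one TCP service plus the /tmp/test.sock
	 * stream unix service from the repro steps in the thread. */
	int families[] = { AF_INET, AF_UNIX };
	return apply_pledge(families, sizeof(families) / sizeof(families[0]));
}
```

With this shape, a TCP connection arriving before any unix-socket connection no longer drops "cpath" for the rest of the process lifetime; the string still has to be revisited if gettcp()'s getnameinfo() turns out to need "dns", as the reply above notes.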