>When syslogd is started with a relative path, the reexec in the
>parent process fails.  The chdir(2) should be done after execvp(3)
>in the parent so that the same executable is found.  Note that the
>child always does a chdir(2) after chroot(2).
>
>This allows starting ./syslogd, which is useful for debugging.

Interesting.  I am surprised we haven't hit this in more privsep
programs.  Oh wait, you are reusing the same path!

This is why sshd has to be started with an absolute path, to
avoid this problem.  Path games like this worried us.

By removing this, you could be adding some subtle risk...

>Index: usr.sbin/syslogd/privsep.c
>===================================================================
>RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/privsep.c,v
>retrieving revision 1.64
>diff -u -p -r1.64 privsep.c
>--- usr.sbin/syslogd/privsep.c 16 Oct 2016 22:12:50 -0000      1.64
>+++ usr.sbin/syslogd/privsep.c 23 Dec 2016 22:23:05 -0000
>@@ -168,6 +168,8 @@ priv_exec(char *conf, int numeric, int c
>       struct addrinfo hints, *res0;
>       struct sigaction sa;
> 
>+      chdir("/");
>+
>       if (pledge("stdio rpath wpath cpath dns getpw sendfd id proc exec",
>           NULL) == -1)
>               err(1, "pledge priv");
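Review bot: the return value of the added chdir("/") at the top of priv_exec() is ignored, while the pledge() call directly below it is checked and exits through err(1, "pledge priv"). If the chdir fails, the privileged parent keeps running in whatever directory syslogd was started from, so check it the same way, for example if (chdir("/") == -1) err(1, "chdir /"). A one-line comment saying the call sits here because it must come after the re-exec would also keep it from being moved back into main() later.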
>Index: usr.sbin/syslogd/syslogd.c
>===================================================================
>RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.c,v
>retrieving revision 1.223
>diff -u -p -r1.223 syslogd.c
>--- usr.sbin/syslogd/syslogd.c 30 Nov 2016 07:59:04 -0000      1.223
>+++ usr.sbin/syslogd/syslogd.c 23 Dec 2016 22:22:18 -0000
>@@ -684,8 +684,6 @@ main(int argc, char *argv[])
> 
>       logdebug("off & running....\n");
> 
>-      chdir("/");
>-
>       tzset();
> 
>       if (!Debug && !Foreground) {
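Review bot: with chdir("/") removed ahead of tzset(), everything from this point on in main() runs in the directory syslogd was started from unless something later changes it, and nothing in the hunk documents that this is now deliberate. Add a comment at the removal site or at the re-exec stating that the working directory is left alone so the relative argv[0] can be looked up a second time. Since that second lookup is exactly the path game the reply raises for sshd, consider keeping the chdir here and rejecting a relative path outside debug mode instead.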
>
>
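The ordering problem discussed in this thread, as an added C example (not part of the thread, and not syslogd or sshd code): a path containing a slash is resolved against the current directory at exec time, so a relative argv[0] stops naming the program once the process has changed to "/", while an absolute one still does. The function names and the file name `demo-syslogd` are hypothetical, and the fixture is constructed.

```c
#define _XOPEN_SOURCE 700	/* for mkdtemp(3) under strict compilers */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Would re-executing argv0 still find an executable after chdir(newcwd)?
 * 1 = yes, 0 = no, -1 = error, or argv0 has no slash (execvp(3) then searches
 * PATH and the cwd plays no part).  Checked in a forked child so the caller's
 * own working directory is untouched. */
int
reexec_path_survives_chdir(const char *argv0, const char *newcwd)
{
	int status;
	pid_t pid;

	if (strchr(argv0, '/') == NULL || (pid = fork()) == -1)
		return -1;
	if (pid == 0) {
		if (chdir(newcwd) == -1)
			_exit(2);
		/* Same lookup exec would do for a path with a slash. */
		_exit(access(argv0, X_OK) == 0 ? 0 : 1);
	}
	if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
		return -1;
	return WEXITSTATUS(status) == 0 ? 1 : WEXITSTATUS(status) == 1 ? 0 : -1;
}

/* Constructed fixture: create an executable file "demo-syslogd" in a fresh
 * temporary directory and make that directory the cwd.  0 on success. */
int
enter_constructed_dir(char *dir, size_t len)
{
	int fd;

	snprintf(dir, len, "/tmp/reexec-demo.XXXXXX");
	if (mkdtemp(dir) == NULL || chdir(dir) == -1)
		return -1;
	if ((fd = open("demo-syslogd", O_CREAT | O_WRONLY, 0755)) == -1)
		return -1;
	return close(fd);
}
```

Call `enter_constructed_dir()` first, then compare `reexec_path_survives_chdir("./demo-syslogd", ".")` with the same call using `"/"` as the new directory.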
