Hi,

Here's one more diff which removes the ability of iked(8) to create/delete
additional files by removing cpath promise from pledge(2).

OK?

Index: control.c
===================================================================
RCS file: /cvs/src/sbin/iked/control.c,v
retrieving revision 1.25
diff -u -p -u -r1.25 control.c
--- control.c   17 Jan 2017 22:10:55 -0000      1.25
+++ control.c   5 Aug 2018 09:57:24 -0000
@@ -65,10 +65,9 @@ control_run(struct privsep *ps, struct p
        /*
         * pledge in the control process:
         * stdio - for malloc and basic I/O including events.
-        * cpath - for unlinking the control socket.
         * unix - for the control socket.
         */
-       if (pledge("stdio cpath unix", NULL) == -1)
+       if (pledge("stdio unix", NULL) == -1)
                fatal("pledge");
 }
 
@@ -149,16 +148,6 @@ control_listen(struct control_sock *cs)
        evtimer_set(&cs->cs_evt, control_accept, cs);
 
        return (0);
-}
-
-void
-control_cleanup(struct control_sock *cs)
-{
-       if (cs->cs_name == NULL)
-               return;
-       event_del(&cs->cs_ev);
-       event_del(&cs->cs_evt);
-       (void)unlink(cs->cs_name);
 }
 
 /* ARGSUSED */
Index: iked.h
===================================================================
RCS file: /cvs/src/sbin/iked/iked.h,v
retrieving revision 1.118
diff -u -p -u -r1.118 iked.h
--- iked.h      16 Mar 2018 12:31:09 -0000      1.118
+++ iked.h      5 Aug 2018 09:57:25 -0000
@@ -648,7 +648,6 @@ void         parent_reload(struct iked *, int, 
 pid_t   control(struct privsep *, struct privsep_proc *);
 int     control_init(struct privsep *, struct control_sock *);
 int     control_listen(struct control_sock *);
-void    control_cleanup(struct control_sock *);
 
 /* config.c */
 struct iked_policy *
Index: proc.c
===================================================================
RCS file: /cvs/src/sbin/iked/proc.c,v
retrieving revision 1.30
diff -u -p -u -r1.30 proc.c
--- proc.c      9 Jan 2017 14:49:21 -0000       1.30
+++ proc.c      5 Aug 2018 09:57:25 -0000
@@ -291,9 +291,6 @@ proc_shutdown(struct privsep_proc *p)
 {
        struct privsep  *ps = p->p_ps;
 
-       if (p->p_id == PROC_CONTROL && ps)
-               control_cleanup(&ps->ps_csock);
-
        if (p->p_shutdown != NULL)
                (*p->p_shutdown)();
 

Reply via email to