On Tue, Oct 30, 2018 at 10:54:10AM -0600, Theo de Raadt wrote:
> Remi Locherer <remi.loche...@relo.ch> wrote:
> 
> > On Tue, Oct 30, 2018 at 03:20:35PM +0000, Ricardo Mestre wrote:
> > > Hi,
> > > 
> > > After all files are opened ripd(8) can have the fs access disabled just
> > > before each process main loop. Its 2 children already run under chroot,
> > > but since they are still not pledged at least they have no way to
> > > read/write/create files within the chroot. No loads or reloads of the
> > > config file happen through any signal, nor can we do it via ripctl(8).
> > > 
> > > I was able to run a simple daemon with the example file. Comments? OK?
> > 
> > control_cleanup() unlinks the control socket on exit. I think you should
> > either unveil(conf->csock, "c") or remove control_cleanup().
> 
> I don't understand this latter comment, let me ask.
> 
> You think it is smart to leave these sockets lying around?
> 
> I suspect there are a few oddball programs where it makes sense, but as
> a general rule I think it is a bad idea; as stated in other threads it
> means control programs and restart sequences have a bunch more oddball
> behaviours which will be inconsistent.
> 

I prefer if sockets get removed on exit. But I was not sure if this is
just my personal taste.
