On Tue, Oct 30, 2018 at 05:31:04PM +0000, Ricardo Mestre wrote:
> clearly an oversight due to looking at too many daemons at the same
> time. since the only thing ripd needs to do is unlink the socket I think
> we can remove control_cleanup, even though I'd rather do this
> introducing pledge, but for now it's a great compromise.
>
In addition to your diff this pledges the rde and ripe.
OK?
Index: control.c
===================================================================
RCS file: /cvs/src/usr.sbin/ripd/control.c,v
retrieving revision 1.25
diff -u -p -r1.25 control.c
--- control.c 17 Jan 2017 22:10:56 -0000 1.25
+++ control.c 3 Nov 2018 09:11:39 -0000
@@ -100,14 +100,6 @@ control_listen(void)
return (0);
}
-void
-control_cleanup(char *path)
-{
- event_del(&control_state.ev);
- event_del(&control_state.evt);
- unlink(path);
-}
-
/* ARGSUSED */
void
control_accept(int listenfd, short event, void *bula)
Index: control.h
===================================================================
RCS file: /cvs/src/usr.sbin/ripd/control.h,v
retrieving revision 1.5
diff -u -p -r1.5 control.h
--- control.h 2 Aug 2016 16:05:32 -0000 1.5
+++ control.h 3 Nov 2018 09:11:20 -0000
@@ -39,6 +39,5 @@ int control_listen(void);
void control_accept(int, short, void *);
void control_dispatch_imsg(int, short, void *);
int control_imsg_relay(struct imsg *);
-void control_cleanup(char *);
#endif /* _CONTROL_H_ */
Index: rde.c
===================================================================
RCS file: /cvs/src/usr.sbin/ripd/rde.c,v
retrieving revision 1.21
diff -u -p -r1.21 rde.c
--- rde.c 3 Sep 2016 10:28:08 -0000 1.21
+++ rde.c 3 Nov 2018 07:38:41 -0000
@@ -109,6 +109,9 @@ rde(struct ripd_conf *xconf, int pipe_pa
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
fatal("can't drop privileges");
+ if (pledge("stdio", NULL) == -1)
+ fatal("pledge");
+
event_init();
/* setup signal handler */
Index: ripd.c
===================================================================
RCS file: /cvs/src/usr.sbin/ripd/ripd.c,v
retrieving revision 1.30
diff -u -p -r1.30 ripd.c
--- ripd.c 3 Sep 2016 10:28:08 -0000 1.30
+++ ripd.c 3 Nov 2018 09:14:38 -0000
@@ -211,6 +211,11 @@ main(int argc, char *argv[])
rde_pid = rde(conf, pipe_parent2rde, pipe_ripe2rde, pipe_parent2ripe);
ripe_pid = ripe(conf, pipe_parent2ripe, pipe_ripe2rde, pipe_parent2rde);
+ if (unveil("/", "") == -1)
+ fatal("unveil");
+ if (unveil(NULL, NULL) == -1)
+ fatal("unveil");
+
event_init();
/* setup signal handler */
@@ -276,7 +281,6 @@ ripd_shutdown(void)
if_del(i);
}
- control_cleanup(conf->csock);
kr_shutdown();
log_debug("waiting for children to terminate");
Index: ripe.c
===================================================================
RCS file: /cvs/src/usr.sbin/ripd/ripe.c,v
retrieving revision 1.22
diff -u -p -r1.22 ripe.c
--- ripe.c 3 Sep 2016 10:28:08 -0000 1.22
+++ ripe.c 3 Nov 2018 09:07:24 -0000
@@ -196,6 +196,9 @@ ripe(struct ripd_conf *xconf, int pipe_p
iface->name);
}
+ if (pledge("stdio inet mcast", NULL) == -1)
+ fatal("pledge");
+
evtimer_set(&oeconf->report_timer, report_timer, oeconf);
start_report_timer();
