Looks good to me.
Alexander Bluhm <[email protected]> wrote:
> Hi,
>
> When the syslogd(8) parent exits, the file cleanup code does not work
> anymore. unveil(2) prevents removal.
>
> Removing the UNIX domain sockets is not necessary. They are harmless
> and unlinked before a new bind. I removed that code.
>
> /var/run/syslog.pid is a common feature so we want to keep it.
> Removing a stale pid file is a good idea. Adding a constant path
> to unveil is not a risk. So I added an unveil for delete.
>
> Note that the current implementation triggers a vnode leak in the
> kernel. But that is another story.
>
> ok?
>
> bluhm
>
> Index: usr.sbin/syslogd/privsep.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/privsep.c,v
> retrieving revision 1.70
> diff -u -p -r1.70 privsep.c
> --- usr.sbin/syslogd/privsep.c 28 Jun 2019 13:32:51 -0000 1.70
> +++ usr.sbin/syslogd/privsep.c 4 Jul 2019 20:57:01 -0000
> @@ -190,6 +190,8 @@ priv_exec(char *conf, int numeric, int c
> err(1, "unveil");
> if (unveil(_PATH_DEV, "rw") == -1)
> err(1, "unveil");
> + if (unveil(_PATH_LOGPID, "c") == -1)
> + err(1, "unveil");
>
> /* for pipes */
> if (unveil(_PATH_BSHELL, "x") == -1)
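Review bot: The added `unveil(_PATH_LOGPID, "c")` call has no comment saying why the privileged parent needs rights on the pid file, while the unveil that follows it is labelled `/* for pipes */`. A matching one-line comment above the new call, such as `/* for removal of the pid file on exit */`, would record the intent for the next reader of the unveil list. The "c" permission covers creation as well as removal, so the parent can also recreate that one path; because the path is a compile-time constant this looks confined to a single file, but the comment is a good place to say so. The code that unlinks the pid file is not visible here, and priv_exec begins and ends outside this hunk.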
> @@ -431,12 +433,6 @@ priv_exec(char *conf, int numeric, int c
> }
>
> close(sock);
> -
> - /* Unlink any domain sockets that have been opened */
> - for (i = 0; i < nunix; i++)
> - (void)unlink(path_unix[i]);
> - if (path_ctlsock != NULL)
> - (void)unlink(path_ctlsock);
>
> if (restart) {
> int status;
> Index: usr.sbin/syslogd/syslogd.c
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.c,v
> retrieving revision 1.261
> diff -u -p -r1.261 syslogd.c
> --- usr.sbin/syslogd/syslogd.c 2 Jul 2019 13:17:27 -0000 1.261
> +++ usr.sbin/syslogd/syslogd.c 4 Jul 2019 21:03:09 -0000
> @@ -215,8 +215,6 @@ char *TypeNames[] = {
> SIMPLEQ_HEAD(filed_list, filed) Files;
> struct filed consfile;
>
> -int nunix; /* Number of Unix domain sockets requested */
> -char **path_unix; /* Paths to Unix domain sockets */
> int Debug; /* debug flag */
> int Foreground; /* run in foreground, instead of daemonizing */
> char LocalHostName[HOST_NAME_MAX+1]; /* our hostname */
> @@ -233,7 +231,6 @@ int NoDNS = 0; /* when true, refrain fr
> int ZuluTime = 0; /* display date and time in UTC ISO format */
> int IncludeHostname = 0; /* include RFC 3164 hostnames when forwarding */
> int Family = PF_UNSPEC; /* protocol family, may disable IPv4 or IPv6 */
> -char *path_ctlsock = NULL; /* Path to control socket */
>
> struct tls *server_ctx;
> struct tls_config *client_config, *server_config;
> @@ -372,7 +369,8 @@ main(int argc, char *argv[])
> int ch, i;
> int lockpipe[2] = { -1, -1}, pair[2], nullfd, fd;
> int fd_ctlsock, fd_klog, fd_sendsys, *fd_bind, *fd_listen;
> - int *fd_tls, *fd_unix, nbind, nlisten, ntls;
> + int *fd_tls, *fd_unix, nunix, nbind, nlisten, ntls;
> + char **path_unix, *path_ctlsock;
> char **bind_host, **bind_port, **listen_host, **listen_port;
> char *tls_hostport, **tls_host, **tls_port;
>
> @@ -386,6 +384,7 @@ main(int argc, char *argv[])
> err(1, "malloc %s", _PATH_LOG);
> path_unix[0] = _PATH_LOG;
> nunix = 1;
> + path_ctlsock = NULL;
>
> bind_host = listen_host = tls_host = NULL;
> bind_port = listen_port = tls_port = NULL;
> Index: usr.sbin/syslogd/syslogd.h
> ===================================================================
> RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.h,v
> retrieving revision 1.32
> diff -u -p -r1.32 syslogd.h
> --- usr.sbin/syslogd/syslogd.h 5 Oct 2017 16:15:24 -0000 1.32
> +++ usr.sbin/syslogd/syslogd.h 4 Jul 2019 20:57:24 -0000
> @@ -44,11 +44,6 @@ void ttymsg(struct iovec *, int, char *)
> void send_fd(int, int);
> int receive_fd(int);
>
> -/* The list of domain sockets */
> -extern int nunix;
> -extern char **path_unix;
> -extern char *path_ctlsock;
> -
> #define ERRBUFSIZE 256
> void vlogmsg(int pri, const char *, const char *, va_list);
> __dead void die(int);
>