From 7b9d9ca1a6f60b7ebff567dcb4cec0ea370500a2 Mon Sep 17 00:00:00 2001
From: mestre <>
Date: Sat, 4 Aug 2018 11:07:14 +0000
Subject: [PATCH] Revert back previous commit, we have decided that socket files don't cause any harm if not deleted after the daemon is shutdown and at the same time we also tackle another attack surface by not allowing the program to create/delete any more files (by removing "cpath" promise from pledge(2)).
Discussion initiated by a question from deraadt@
OK florian@
---
 src/usr.sbin/ntpd/control.c | 9 +--------
 src/usr.sbin/ntpd/ntpd.c | 5 ++---
 src/usr.sbin/ntpd/ntpd.h | 3 +--
 3 files changed, 4 insertions(+), 13 deletions(-)
diff --git a/src/usr.sbin/ntpd/control.c b/src/usr.sbin/ntpd/control.c
index e726b8e5..aa3b7897 100644
--- a/src/usr.sbin/ntpd/control.c
+++ b/src/usr.sbin/ntpd/control.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: control.c,v 1.12 2017/01/09 14:04:31 krw Exp $ */
+/* $OpenBSD: control.c,v 1.13 2018/08/04 11:07:14 mestre Exp $ */
 /*
 * Copyright (c) 2003, 2004 Henning Brauer
@@ -99,13 +99,6 @@ control_shutdown(int fd)
 close(fd);
 }
-void
-control_cleanup(const char *path)
-{
- if (path)
- unlink(path);
-}
-
 int
 control_accept(int listenfd)
 {
diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c
index aba13223..664fff4b 100644
--- a/src/usr.sbin/ntpd/ntpd.c
+++ b/src/usr.sbin/ntpd/ntpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ntpd.c,v 1.114 2018/08/02 13:05:34 mestre Exp $ */
+/* $OpenBSD: ntpd.c,v 1.115 2018/08/04 11:07:14 mestre Exp $ */
 /*
 * Copyright (c) 2003, 2004 Henning Brauer
@@ -244,7 +244,7 @@ main(int argc, char *argv[])
 * Constraint processes are forked with certificates in memory,
 * then privdrop into chroot before speaking to the outside world.
 */
- if (pledge("stdio rpath cpath inet settime proc exec id", NULL) == -1)
+ if (pledge("stdio rpath inet settime proc exec id", NULL) == -1)
 err(1, "pledge");
 while (quit == 0) {
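Review bot: Nothing at the pledge() call in main() records that the absence of "cpath" is deliberate; the comment above it only describes the constraint processes. With the promise gone, a later unlink() or file creation in this process would be a pledge violation that kills the daemon rather than a recoverable error, so a short note here would keep someone from re-adding shutdown cleanup, e.g. `/* no "cpath": the control socket file is intentionally left in place at exit */`. main() starts before and continues past this hunk, so whether any remaining code after the pledge still creates or removes files cannot be confirmed from the lines shown.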
@@ -327,7 +327,6 @@ main(int argc, char *argv[])
 msgbuf_clear(&ibuf->w);
 free(ibuf);
- control_cleanup(CTLSOCKET);
 log_info("Terminating");
 return (0);
 }
diff --git a/src/usr.sbin/ntpd/ntpd.h b/src/usr.sbin/ntpd/ntpd.h
index 30ef206b..deaf2a9a 100644
--- a/src/usr.sbin/ntpd/ntpd.h
+++ b/src/usr.sbin/ntpd/ntpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ntpd.h,v 1.135 2017/05/30 23:30:48 benno Exp $ */
+/* $OpenBSD: ntpd.h,v 1.136 2018/08/04 11:07:14 mestre Exp $ */
 /*
 * Copyright (c) 2003, 2004 Henning Brauer
@@ -397,7 +397,6 @@ void ntp_dns(struct ntpd_conf *, struct passwd *);
 int control_init(char *);
 int control_listen(int);
 void control_shutdown(int);
-void control_cleanup(const char *);
 int control_accept(int);
 struct ctl_conn *control_connbyfd(int);
 int control_close(int);