harm if not deleted after the daemon is shutdown and at the same time we also
tackle another attack surface by not allowing the program to create/delete
any more files (by removing "cpath" promise from pledge(2)).
Discussion initiated by a question from deraadt@ OK florian@
currently doesn't call the function control_cleanup to do so. The solution is
to simply call that function just before the program quits.
"sure" henning@
This replaces log_verbose() and "extern int verbose" with the two functions
log_setverbose() and log_getverbose().
Pointed out by benno@
OK krw@ eric@ gilles@ (OK gilles@ for the snmpd bits as well)
case the dup2() would fail silently and the descriptor would remain with
the CLOEXEC flag causing the exec*()d child process to have unexpected
behavior.
ok guenther@
ensure that we load the CA certificates and use tls_connect_servername()
so that we can verify the server we are connecting to (even though we've
already resolved the hostname). Also add additional warnings for TLS
connect and TLS write failures so that we know what is happening and why.
Lack of server name verification also reported by Luis M. Merino
<luismiguelmerino at gmail dot com> - thanks!
ok deraadt@ reyk@
removing its second parameter and the enum() that provided the
values for said parameter.
The function was only called with the second parameter set to one
value (BM_NONBLOCKING) from the enum(). So just do the right thing.
Similar to changes made in smtpd.
While here remove the pointless third parameter from the fcntl(F_GETFL)
call.
No functional change.
ok guenther@ bcook@ deraadt@
no other timezone than the fixed string "GMT". Avoid using strptime %Z,
which is nonstandard and can give surprising results on other operating
systems. ok deraadt@ giovanni@ bcook@
titles (including flags) to distinguish between daemons, this makes it
possible to manage multiple copies of a daemon using the normal infrastructure
by symlinking rc.d scripts to a new name. ok jung@ ajacoutot@, smtpd ok gilles@
process management of the contraint processes has been moved from ntp
to the parent, for better privsep and pledge, but the ntp process
still attempted to kill the constraints on timeout directly. Fix this
regression by introducing a new imsg from ntp to the parent and the
related logic to kill a constraint at the right place.
Reported & tested by bcook@
Ok bcook@