authormestre <mestre@openbsd.org>2018-08-05 08:10:35 +0000
committermestre <mestre@openbsd.org>2018-08-05 08:10:35 +0000
commitd0f844f18a158f99a8c18502965d7944f3977dd5 (patch)
tree530164769c65e9f835e098f6bb1208e12a072f4c
parentdocument some more escapes which are hit by restricted mode, (diff)
Revert back previous and remove cpath pledge(2) promise entirely. We decided
that not deleting the unix control sockets causes no harm and this way we close another attack surface by not allowing the daemon to create/delete any more files. tweak and OK florian@
-rw-r--r--usr.sbin/eigrpd/control.c12
-rw-r--r--usr.sbin/eigrpd/control.h3
-rw-r--r--usr.sbin/eigrpd/eigrpd.c7
-rw-r--r--usr.sbin/eigrpd/eigrpd.h3
-rw-r--r--usr.sbin/eigrpd/eigrpe.c5
5 files changed, 7 insertions, 23 deletions
diff --git a/usr.sbin/eigrpd/control.c b/usr.sbin/eigrpd/control.c
index 8c2909700a3..a3d1aea48b6 100644
--- a/usr.sbin/eigrpd/control.c
+++ b/usr.sbin/eigrpd/control.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: control.c,v 1.7 2017/01/08 23:04:42 krw Exp $ */
+/* $OpenBSD: control.c,v 1.8 2018/08/05 08:10:35 mestre Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -100,16 +100,6 @@ control_listen(void)
return (0);
}
-void
-control_cleanup(char *path)
-{
- if (path == NULL)
- return;
- event_del(&control_state.ev);
- event_del(&control_state.evt);
- unlink(path);
-}
-
/* ARGSUSED */
static void
control_accept(int listenfd, short event, void *bula)
diff --git a/usr.sbin/eigrpd/control.h b/usr.sbin/eigrpd/control.h
index 298c2d9aa99..4e395cf3923 100644
--- a/usr.sbin/eigrpd/control.h
+++ b/usr.sbin/eigrpd/control.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: control.h,v 1.3 2016/09/02 16:44:33 renato Exp $ */
+/* $OpenBSD: control.h,v 1.4 2018/08/05 08:10:35 mestre Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -36,7 +36,6 @@ struct ctl_conn {
int control_init(char *);
int control_listen(void);
-void control_cleanup(char *);
int control_imsg_relay(struct imsg *);
#endif /* _CONTROL_H_ */
diff --git a/usr.sbin/eigrpd/eigrpd.c b/usr.sbin/eigrpd/eigrpd.c
index fe59c7c3a21..9641795c28d 100644
--- a/usr.sbin/eigrpd/eigrpd.c
+++ b/usr.sbin/eigrpd/eigrpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eigrpd.c,v 1.23 2018/08/02 06:43:31 mestre Exp $ */
+/* $OpenBSD: eigrpd.c,v 1.24 2018/08/05 08:10:35 mestre Exp $ */
/*
* Copyright (c) 2015 Renato Westphal <renato@openbsd.org>
@@ -168,8 +168,6 @@ main(int argc, char *argv[])
else if (eflag)
eigrpe(debug, global.cmd_opts & EIGRPD_OPT_VERBOSE, sockname);
- global.csock = sockname;
-
mib[0] = CTL_NET;
mib[1] = PF_INET;
mib[2] = IPPROTO_IP;
@@ -271,7 +269,7 @@ main(int argc, char *argv[])
eigrpd_conf->rdomain) == -1)
fatalx("kr_init failed");
- if (pledge("stdio rpath cpath inet sendfd", NULL) == -1)
+ if (pledge("stdio rpath inet sendfd", NULL) == -1)
fatal("pledge");
event_dispatch();
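Review bot: The narrowed promise string at the `pledge()` call in main has no comment saying why `cpath` is absent, so a later change that wants to unlink the control socket on exit could simply add it back. A short comment above the call would record the decision, for example `/* no cpath: the control socket is intentionally left in place on exit */`. Because the socket file now survives shutdown, the next start presumably depends on control_init() coping with an existing path. That code is not in this diff, so it is worth confirming that it does not fail to bind on a leftover socket. main's body starts and ends outside the hunk.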
@@ -293,7 +291,6 @@ eigrpd_shutdown(void)
msgbuf_clear(&iev_rde->ibuf.w);
close(iev_rde->ibuf.fd);
- control_cleanup(global.csock);
kr_shutdown();
config_clear(eigrpd_conf);
diff --git a/usr.sbin/eigrpd/eigrpd.h b/usr.sbin/eigrpd/eigrpd.h
index 214224e32c4..4a7f599173f 100644
--- a/usr.sbin/eigrpd/eigrpd.h
+++ b/usr.sbin/eigrpd/eigrpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: eigrpd.h,v 1.24 2018/02/08 00:16:54 claudio Exp $ */
+/* $OpenBSD: eigrpd.h,v 1.25 2018/08/05 08:10:35 mestre Exp $ */
/*
* Copyright (c) 2015 Renato Westphal <renato@openbsd.org>
@@ -339,7 +339,6 @@ struct eigrpd_global {
int eigrp_socket_v6;
struct in_addr mcast_addr_v4;
struct in6_addr mcast_addr_v6;
- char *csock;
};
extern struct eigrpd_global global;
diff --git a/usr.sbin/eigrpd/eigrpe.c b/usr.sbin/eigrpd/eigrpe.c
index afe92e68206..e22e7c7c959 100644
--- a/usr.sbin/eigrpd/eigrpe.c
+++ b/usr.sbin/eigrpd/eigrpe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eigrpe.c,v 1.35 2018/08/02 06:28:35 mestre Exp $ */
+/* $OpenBSD: eigrpe.c,v 1.36 2018/08/05 08:10:35 mestre Exp $ */
/*
* Copyright (c) 2015 Renato Westphal <renato@openbsd.org>
@@ -76,8 +76,7 @@ eigrpe(int debug, int verbose, char *sockname)
log_verbose(verbose);
/* create eigrpd control socket outside chroot */
- global.csock = sockname;
- if (control_init(global.csock) == -1)
+ if (control_init(sockname) == -1)
fatalx("control socket setup failed");
if (inet_pton(AF_INET, AllEIGRPRouters_v4, &global.mcast_addr_v4) != 1)