From f4e4fe3a80b4f1400614ec2a47927d6354d0f682 Mon Sep 17 00:00:00 2001
From: henning
Date: Fri, 7 Dec 2018 12:52:47 +0000
Subject: I noticed the "pf table handler" process not going away on dhcpd restart, looked at the error handling here, and.... oh my. If opening /dev/pf on startup fails, don't just warn and move on, but bail. If chroot (or the chdir after) fail, don't just warn and move on, bail. If dropping privileges fails, the last thing we want to do is to just move on with root privs, having warned or not. If the pipe to the parent process is closed, that almost certainly means that the parent process went away, and it absolutely certainly means that the table handler process has no meaningful reason to exist any more, thus bail. ok florian ccardenas krw
---
 usr.sbin/dhcpd/pfutils.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
(limited to 'usr.sbin/dhcpd')
diff --git a/usr.sbin/dhcpd/pfutils.c b/usr.sbin/dhcpd/pfutils.c
index 6f661f7d8a4..091f372d5f5 100644
--- a/usr.sbin/dhcpd/pfutils.c
+++ b/usr.sbin/dhcpd/pfutils.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfutils.c,v 1.18 2017/02/13 23:04:05 krw Exp $ */
+/* $OpenBSD: pfutils.c,v 1.19 2018/12/07 12:52:47 henning Exp $ */
 /*
  * Copyright (c) 2006 Chris Kuethe
  *
@@ -53,15 +53,15 @@ pftable_handler()
 int l, r, fd, nfds;
 if ((fd = open(_PATH_DEV_PF, O_RDWR|O_NOFOLLOW, 0660)) == -1)
- log_warn("can't open pf device");
+ fatal("can't open pf device");
 if (chroot(_PATH_VAREMPTY) == -1)
- log_warn("chroot %s", _PATH_VAREMPTY);
+ fatal("chroot %s", _PATH_VAREMPTY);
 if (chdir("/") == -1)
- log_warn("chdir(\"/\")");
+ fatal("chdir(\"/\")");
 if (setgroups(1, &pw->pw_gid) || setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
- log_warn("can't drop privileges");
+ fatal("can't drop privileges");
 setproctitle("pf table handler");
 l = sizeof(struct pf_cmd);
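Review bot: With every startup failure in pftable_handler() now fatal, the handler can exit while dhcpd itself keeps serving leases, and nothing in this hunk shows the parent noticing that its table handler is gone. If the pf tables fed through this pipe back firewall rules, updates would then stop silently, so it is worth confirming that the parent treats the handler's exit (or a failed write to the pipe) as fatal too. A short comment above the block would also record the intent, for example `/* Any failure to confine or drop privileges is fatal: never run the handler as root or outside the chroot. */`. The function body starts before and continues after this hunk.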
@@ -74,14 +74,14 @@ pftable_handler()
 log_warn("poll");
 if (nfds > 0 && (pfd[0].revents & POLLHUP))
- log_warnx("pf pipe closed");
+ fatalx("pf pipe closed");
 if (nfds > 0 && (pfd[0].revents & POLLIN)) {
 memset(&cmd, 0, l);
 r = atomicio(read, pfpipe[0], &cmd, l);
 if (r != l)
- log_warn("pf pipe error");
+ fatalx("pf pipe error");
 switch (cmd.type) {
 case 'A':
-- 
cgit v1.2.3-59-g8ed1b
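Review bot: The new `fatalx("pf pipe closed")` runs before the POLLIN branch, so if poll() reports POLLHUP together with POLLIN (the writer closed with a command still queued) the handler exits without applying that last table update; before this change the warning fell through to the read. Consider bailing only once the pipe is drained, e.g. `if (nfds > 0 && (pfd[0].revents & (POLLIN|POLLHUP)) == POLLHUP)`. Separately, `fatalx("pf pipe error")` drops the errno text that the old `log_warn` printed, so the log no longer distinguishes a short read from a read error; `fatal("pf pipe error")` would keep it, provided atomicio leaves errno set (its implementation is not visible here). The `log_warn("poll")` path at the top of the hunk is the one error left non-fatal, and its condition lies outside the hunk.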