When syslogd(8) parent process terminates, the file cleanup code

did not work anymore.  unveil(2) prevented removal.  Cleaning the
UNIX domain sockets is not necessary.  They are harmless and unlinked
before a new bind.  So delete that functionality and convert global
to local variables.  Providing /var/run/syslog.pid is a common
feature that should be kept.  A stale pid file is confusing.  So
add a constant path to unveil(2) to allow pid file removal.
OK deraadt@

3 files changed, 8 insertions, 18 deletions

diff --git a/usr.sbin/syslogd/privsep.c b/usr.sbin/syslogd/privsep.c
index 1da7f4f46bd..fd2351dad0f 100644
--- a/usr.sbin/syslogd/privsep.c
+++ b/usr.sbin/syslogd/privsep.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: privsep.c,v 1.70 2019/06/28 13:32:51 deraadt Exp $	*/
+/*	$OpenBSD: privsep.c,v 1.71 2019/07/05 13:23:27 bluhm Exp $	*/
 
 /*
  * Copyright (c) 2003 Anil Madhavapeddy <anil@recoil.org>
@@ -190,6 +190,8 @@ priv_exec(char *conf, int numeric, int child, int argc, char *argv[])
 		err(1, "unveil");
 	if (unveil(_PATH_DEV, "rw") == -1)
 		err(1, "unveil");
+	if (unveil(_PATH_LOGPID, "c") == -1)
+		err(1, "unveil");
 
 	/* for pipes */
 	if (unveil(_PATH_BSHELL, "x") == -1)
@@ -432,12 +434,6 @@ priv_exec(char *conf, int numeric, int child, int argc, char *argv[])
 
 	close(sock);
 
-	/* Unlink any domain sockets that have been opened */
-	for (i = 0; i < nunix; i++)
-		(void)unlink(path_unix[i]);
-	if (path_ctlsock != NULL)
-		(void)unlink(path_ctlsock);
-
 	if (restart) {
 		int status;
 
diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c
index b84454987d9..be63e9403c8 100644
--- a/usr.sbin/syslogd/syslogd.c
+++ b/usr.sbin/syslogd/syslogd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: syslogd.c,v 1.261 2019/07/02 13:17:27 bluhm Exp $	*/
+/*	$OpenBSD: syslogd.c,v 1.262 2019/07/05 13:23:27 bluhm Exp $	*/
 
 /*
  * Copyright (c) 2014-2017 Alexander Bluhm <bluhm@genua.de>
@@ -215,8 +215,6 @@ char	*TypeNames[] = {
 SIMPLEQ_HEAD(filed_list, filed) Files;
 struct	filed consfile;
 
-int	nunix;			/* Number of Unix domain sockets requested */
-char	**path_unix;		/* Paths to Unix domain sockets */
 int	Debug;			/* debug flag */
 int	Foreground;		/* run in foreground, instead of daemonizing */
 char	LocalHostName[HOST_NAME_MAX+1];	/* our hostname */
@@ -233,7 +231,6 @@ int	NoDNS = 0;		/* when true, refrain from doing DNS lookups */
 int	ZuluTime = 0;		/* display date and time in UTC ISO format */
 int	IncludeHostname = 0;	/* include RFC 3164 hostnames when forwarding */
 int	Family = PF_UNSPEC;	/* protocol family, may disable IPv4 or IPv6 */
-char	*path_ctlsock = NULL;	/* Path to control socket */
 
 struct	tls *server_ctx;
 struct	tls_config *client_config, *server_config;
@@ -372,7 +369,8 @@ main(int argc, char *argv[])
 	int		 ch, i;
 	int		 lockpipe[2] = { -1, -1}, pair[2], nullfd, fd;
 	int		 fd_ctlsock, fd_klog, fd_sendsys, *fd_bind, *fd_listen;
-	int		*fd_tls, *fd_unix, nbind, nlisten, ntls;
+	int		*fd_tls, *fd_unix, nunix, nbind, nlisten, ntls;
+	char		**path_unix, *path_ctlsock;
 	char		**bind_host, **bind_port, **listen_host, **listen_port;
 	char		*tls_hostport, **tls_host, **tls_port;
 
@@ -386,6 +384,7 @@ main(int argc, char *argv[])
 		err(1, "malloc %s", _PATH_LOG);
 	path_unix[0] = _PATH_LOG;
 	nunix = 1;
+	path_ctlsock = NULL;
 
 	bind_host = listen_host = tls_host = NULL;
 	bind_port = listen_port = tls_port = NULL;
diff --git a/usr.sbin/syslogd/syslogd.h b/usr.sbin/syslogd/syslogd.h
index 822f22fc6d1..ff3efcf5985 100644
--- a/usr.sbin/syslogd/syslogd.h
+++ b/usr.sbin/syslogd/syslogd.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: syslogd.h,v 1.32 2017/10/05 16:15:24 bluhm Exp $ */
+/*	$OpenBSD: syslogd.h,v 1.33 2019/07/05 13:23:27 bluhm Exp $ */
 
 /*
  * Copyright (c) 2014-2017 Alexander Bluhm <bluhm@genua.de>
@@ -44,11 +44,6 @@ void ttymsg(struct iovec *, int, char *);
 void send_fd(int, int);
 int  receive_fd(int);
 
-/* The list of domain sockets */
-extern int nunix;
-extern char **path_unix;
-extern char *path_ctlsock;
-
 #define ERRBUFSIZE	256
 void vlogmsg(int pri, const char *, const char *, va_list);
 __dead void die(int);