NetBSD Problem Report #51801
From mm_lists@pulsar-zone.net Sun Jan 8 22:17:46 2017
Return-Path: <mm_lists@pulsar-zone.net>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id 114B97A1AF
for <gnats-bugs@gnats.NetBSD.org>; Sun, 8 Jan 2017 22:17:46 +0000 (UTC)
Message-Id: <201701082217.v08MHhXK020130@ginseng.pulsar-zone.net>
Date: Sun, 8 Jan 2017 17:17:43 -0500
From: Matthew Mondor <mm_lists@pulsar-zone.net>
To: gnats-bugs@NetBSD.org
Subject: blacklistd(8) -s can only set one socket
>Number: 51801
>Category: bin
>Synopsis: blacklistd(8) -s can only set one socket
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bin-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Jan 08 22:20:00 +0000 2017
>Closed-Date: Mon Jan 16 10:26:56 +0000 2017
>Last-Modified: Mon Jan 16 10:26:56 +0000 2017
>Originator: Matthew Mondor
>Release: NetBSD 7.0_STABLE
>Organization:
>Environment:
System: NetBSD ninja.xisop 7.0_STABLE NetBSD 7.0_STABLE (GENERIC_MM) #0: Thu Jul 28 22:49:47 EDT 2016 root@ninja.xisop:/usr/obj/sys/arch/amd64/compile/GENERIC_MM amd64
Architecture: x86_64
Machine: amd64
>Description:
I first noticed that rc.conf lacked an entry for blacklistd. I however
noticed the /etc/rc.d/blacklistd script. I then checked how it
accumulates sockets for chroots, which seems all right for native system
scripts.
chrootd_flags can also be used, but not to add socket paths. Syslogd
allows multiple -p to append multiple sockets, and this works despite
it creating a sockets file first.
In the case of blacklistd, -P and -s are mutually exclusive and -s only
allows setting one path. The rc.d script itself creates the file to
pass to -P, so it is not possible to use -P in _flags, and the first -s
used in _flags causes it to be the only socket path that is listened to.
Thus, for my particular setup I cannot use the unmodified rc.d script,
I have to create a custom sockets file and start blacklistd using -P
in /etc/rc.local.
>How-To-Repeat:
rc.conf:
blacklistd=YES
blacklistd_flags="-s<path> -s<path> -s<path>"
# /etc/rc.d/blacklistd start
# fstat -p $(cat /var/run/blacklistd.pid) | grep creat | wc -l
1
>Fix:
I believe that the simplest may be to have fdadd() ignore duplicates,
to first process -P and then add any present -s (or -p if wanting to be
syslogd-compatible). It would then behave like syslogd(8).
>Release-Note:
>Audit-Trail:
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/51801 CVS commit: src/external/bsd/blacklist/bin
Date: Sun, 8 Jan 2017 22:05:48 -0500
Module Name: src
Committed By: christos
Date: Mon Jan 9 03:05:48 UTC 2017
Modified Files:
src/external/bsd/blacklist/bin: blacklistd.c
Log Message:
PR/51801: Matthew Mondor: Support multiple -s options and -P and -s at the
same time.
To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 src/external/bsd/blacklist/bin/blacklistd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->feedback
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Mon, 09 Jan 2017 17:47:31 +0000
State-Changed-Why:
how's that?
From: Matthew Mondor <mm_lists@pulsar-zone.net>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/51801 (blacklistd(8) -s can only set one socket)
Date: Wed, 11 Jan 2017 11:20:38 -0500
On Mon, 9 Jan 2017 17:47:32 +0000 (UTC)
dholland@NetBSD.org wrote:
> Synopsis: blacklistd(8) -s can only set one socket
>
> State-Changed-From-To: open->feedback
> State-Changed-By: dholland@NetBSD.org
> State-Changed-When: Mon, 09 Jan 2017 17:47:31 +0000
> State-Changed-Why:
> how's that?
I had to pull it up to netbsd-7 to test it; it seems to work fine.
Thank you for the quick fix!
I seem to experience another issue or two with blacklistd, but will
first perform more tests and file another specific PR as necessary.
--
Matt
State-Changed-From-To: feedback->closed
State-Changed-By: maya@NetBSD.org
State-Changed-When: Mon, 16 Jan 2017 10:26:56 +0000
State-Changed-Why:
feedback received, thanks
>Unformatted: