bin/51801: blacklistd(8) -s can only set one socket

[Matthew Mondor <mm_lists%pulsar-zone.net@localhost>]

>Number:         51801
>Category:       bin
>Synopsis:       blacklistd(8) -s can only set one socket
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jan 08 22:20:00 +0000 2017
>Originator:     Matthew Mondor
>Release:        NetBSD 7.0_STABLE
>Organization:
>Environment:
System: NetBSD ninja.xisop 7.0_STABLE NetBSD 7.0_STABLE (GENERIC_MM) #0: Thu Jul 28 22:49:47 EDT 2016 root@ninja.xisop:/usr/obj/sys/arch/amd64/compile/GENERIC_MM amd64
Architecture: x86_64
Machine: amd64
>Description:

I first noticed that rc.conf lacked an entry for blacklistd.  I however
noticed the /etc/rc.d/blacklistd script.  I then checked how it
accumulates sockets for chroots, which seems allright for native system
scripts.

chrootd_flags can also be used, but not to add socket paths.  Syslogd
allows multiple -p to append multiple sockets, and this works despite
it creating a sockets file first.

In the case of blacklistd, -P and -s are mutually exclusive and -s only
allows to set one path.  The rc.d script creates itself the file to
pass -P, so it is not possible to use -P in _flags, and the first -s
used in _flags causes it to be the only socket path that is listened to.

Thus, for my particular setup I cannot use the unmodified rc.d script,
I have to create a custom sockets file and start blacklistd using -P
in /etc/rc.local.

>How-To-Repeat:

rc.conf:
blacklistd=YES
blacklistd_flags="-s<path> -s<path> -s<path>"

# /etc/rc.d/blacklistd start
# fstat -p $(cat /var/run/blacklistd.pid) | grep creat | wc -l
1

>Fix:

I believe that the simplest may be to have fdadd() ignore duplicates,
to first process -P and then add any present -s (or -p if wanting to be
syslogd-compatible).  It would then behave like syslogd(8).