Add pledge(2) for radiusctl(8) and radiusd(8).

author yasuoka <yasuoka@openbsd.org>

Mon, 19 Oct 2015 22:07:37 +0000 (22:07 +0000)

committer yasuoka <yasuoka@openbsd.org>

Mon, 19 Oct 2015 22:07:37 +0000 (22:07 +0000)
author yasuoka <yasuoka@openbsd.org>
Mon, 19 Oct 2015 22:07:37 +0000 (22:07 +0000)
committer yasuoka <yasuoka@openbsd.org>
Mon, 19 Oct 2015 22:07:37 +0000 (22:07 +0000)
diff --git a/usr.sbin/radiusctl/radiusctl.c b/usr.sbin/radiusctl/radiusctl.c

index 2591e77..c0e8235 100644 (file)
--- a/usr.sbin/radiusctl/radiusctl.c
+++ b/usr.sbin/radiusctl/radiusctl.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: radiusctl.c,v 1.4 2015/08/25 01:21:57 yasuoka Exp $   */
+/*     $OpenBSD: radiusctl.c,v 1.5 2015/10/19 22:07:37 yasuoka Exp $   */
  /*
   * Copyright (c) 2015 YASUOKA Masahiko <yasuoka@yasuoka.net>
   *
@@ -71,6 +71,8 @@ main(int argc, char *argv[])
         case NONE:
                 break;
         case TEST:
+               if (pledge("stdio dns inet", NULL) == -1)
+                       err(EXIT_FAILURE, "pledge");
                 radius_test(result);
                 break;
         }
diff --git a/usr.sbin/radiusd/radiusd.c b/usr.sbin/radiusd/radiusd.c

index dd8b778..5f8e067 100644 (file)
--- a/usr.sbin/radiusd/radiusd.c
+++ b/usr.sbin/radiusd/radiusd.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: radiusd.c,v 1.8 2015/10/19 06:56:58 yasuoka Exp $     */
+/*     $OpenBSD: radiusd.c,v 1.9 2015/10/19 22:07:37 yasuoka Exp $     */
  
  /*
   * Copyright (c) 2013 Internet Initiative Japan Inc.
@@ -175,6 +175,14 @@ main(int argc, char *argv[])
         if (radiusd_start(radiusd) != 0)
                 errx(EX_DATAERR, "start failed");
  
+#ifdef RADIUSD_DEBUG
+       if (pledge("stdio inet proc abort", NULL) == -1)
+               err(EXIT_FAILURE, "pledge");
+#else
+       if (pledge("stdio inet", NULL) == -1)
+               err(EXIT_FAILURE, "pledge");
+#endif
+
         if (event_loop(0) < 0)
                 radiusd_stop(radiusd);
  
diff --git a/usr.sbin/radiusd/radiusd_bsdauth.c b/usr.sbin/radiusd/radiusd_bsdauth.c

index c7f8307..02bf770 100644 (file)
--- a/usr.sbin/radiusd/radiusd_bsdauth.c
+++ b/usr.sbin/radiusd/radiusd_bsdauth.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: radiusd_bsdauth.c,v 1.5 2015/10/19 07:58:28 yasuoka Exp $     */
+/*     $OpenBSD: radiusd_bsdauth.c,v 1.6 2015/10/19 22:07:37 yasuoka Exp $     */
  
  /*
   * Copyright (c) 2015 YASUOKA Masahiko <yasuoka@yasuoka.net>
@@ -94,6 +94,10 @@ main(int argc, char *argv[])
         openlog(NULL, LOG_PID, LOG_DAEMON);
         setproctitle("[priv]");
         imsg_init(&ibuf, pipe_chld);
+
+       if (pledge("stdio getpw rpath proc exec", NULL) == -1)
+               err(EXIT_FAILURE, "pledge");
+
         for (;;) {
                 if ((n = imsg_read(&ibuf)) <= 0)
                         break;
@@ -230,6 +234,10 @@ module_bsdauth_main(int pipe_prnt, int pipe_chld)
  
         module_load(module_bsdauth.base);
         imsg_init(&module_bsdauth.ibuf, pipe_prnt);
+
+       if (pledge("stdio proc", NULL) == -1)
+               err(EXIT_FAILURE, "pledge");
+
         while (module_run(module_bsdauth.base) == 0)
                 ;
  
diff --git a/usr.sbin/radiusd/radiusd_radius.c b/usr.sbin/radiusd/radiusd_radius.c

index 1e82698..88590ff 100644 (file)
--- a/usr.sbin/radiusd/radiusd_radius.c
+++ b/usr.sbin/radiusd/radiusd_radius.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: radiusd_radius.c,v 1.7 2015/08/02 21:27:27 yasuoka Exp $      */
+/*     $OpenBSD: radiusd_radius.c,v 1.8 2015/10/19 22:07:37 yasuoka Exp $      */
  
  /*
   * Copyright (c) 2013 Internet Initiative Japan Inc.
@@ -129,6 +129,8 @@ main(int argc, char *argv[])
         module_load(module_radius.base);
         log_init(0);
         event_init();
+       if (pledge("stdio inet", NULL) == -1)
+               err(EXIT_FAILURE, "pledge");
         module_start(module_radius.base);
         event_loop(0);
author	yasuoka <yasuoka@openbsd.org>
	Mon, 19 Oct 2015 22:07:37 +0000 (22:07 +0000)
committer	yasuoka <yasuoka@openbsd.org>
	Mon, 19 Oct 2015 22:07:37 +0000 (22:07 +0000)
usr.sbin/radiusctl/radiusctl.c		patch \| blob \| history
usr.sbin/radiusd/radiusd.c		patch \| blob \| history
usr.sbin/radiusd/radiusd_bsdauth.c		patch \| blob \| history
usr.sbin/radiusd/radiusd_radius.c		patch \| blob \| history