Add SIOCAIFADDR_IN and SIOCDIFADDR_IN to the wroute pledge

to allow setting and removing IPv4 addresses.
Needed for future iked(8) improvements.

Discussed with sthen@ and florian@
ok bluhm@ deraadt@

diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 9ffb7f2..2de0d50 100644 (file)
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kern_pledge.c,v 1.269 2021/01/20 16:36:09 bluhm Exp $ */
+/*     $OpenBSD: kern_pledge.c,v 1.270 2021/02/03 22:46:55 tobhe Exp $ */
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -1298,6 +1298,8 @@ pledge_ioctl(struct proc *p, long com, struct file *fp)
 
        if ((pl & PLEDGE_WROUTE)) {
                switch (com) {
+               case SIOCAIFADDR:
+               case SIOCDIFADDR:
                case SIOCAIFADDR_IN6:
                case SIOCDIFADDR_IN6:
                        if (fp->f_type == DTYPE_SOCKET)