Add pledge(2) to the child processes.

This is almost identical to the eigrpd(8) pledge diff, with the exception
that the parent process can not be pledged bacause of a SIOCSETMPWCFG
ioctl used to configure pseudowires.

Looks good to deraadt@.

diff --git a/usr.sbin/ldpd/lde.c b/usr.sbin/ldpd/lde.c
index 5d3f698..03904d3 100644 (file)
--- a/usr.sbin/ldpd/lde.c
+++ b/usr.sbin/ldpd/lde.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: lde.c,v 1.38 2015/07/21 04:52:29 renato Exp $ */
+/*     $OpenBSD: lde.c,v 1.39 2015/10/23 10:10:17 renato Exp $ */
 
 /*
  * Copyright (c) 2004, 2005 Claudio Jeker <claudio@openbsd.org>
@@ -113,6 +113,9 @@ lde(struct ldpd_conf *xconf, int pipe_parent2lde[2], int pipe_ldpe2lde[2],
            setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
                fatal("can't drop privileges");
 
+       if (pledge("stdio", NULL) == -1)
+               fatal("pledge");
+
        event_init();
 
        /* setup signal handler */

diff --git a/usr.sbin/ldpd/ldpe.c b/usr.sbin/ldpd/ldpe.c
index 8df97e5..8b87161 100644 (file)
--- a/usr.sbin/ldpd/ldpe.c
+++ b/usr.sbin/ldpd/ldpe.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ldpe.c,v 1.39 2015/07/21 05:04:12 renato Exp $ */
+/*     $OpenBSD: ldpe.c,v 1.40 2015/10/23 10:10:17 renato Exp $ */
 
 /*
  * Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org>
@@ -271,6 +271,9 @@ ldpe(struct ldpd_conf *xconf, int pipe_parent2ldpe[2], int pipe_ldpe2lde[2],
        LIST_FOREACH(tnbr, &leconf->tnbr_list, entry)
                tnbr_init(xconf, tnbr);
 
+       if (pledge("stdio cpath inet mcast", NULL) == -1)
+               fatal("pledge");
+
        event_dispatch();
 
        ldpe_shutdown();