-/* $OpenBSD: netcat.c,v 1.139 2015/10/11 00:26:23 guenther Exp $ */
+/* $OpenBSD: netcat.c,v 1.140 2015/10/23 05:27:17 beck Exp $ */
/*
* Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
* Copyright (c) 2015 Bob Beck. All rights reserved.
argc -= optind;
argv += optind;
+ if (rtableid >= 0) {
+ /*
+ * XXX No pledge if doing rtable manipulation!
+ * XXX the routing table stuff is dangerous and can't be pledged.
+ * XXX rtable should really have a better interface than sockopt
+ */
+ }
+ else if (family == AF_UNIX) {
+ if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
+ err(1, "pledge");
+ }
+ else if (Fflag) {
+ if (pledge("stdio inet dns sendfd", NULL) == -1)
+ err(1, "pledge");
+ }
+ else if (usetls) {
+ if (pledge("stdio rpath inet dns", NULL) == -1)
+ err(1, "pledge");
+ }
+ else if (pledge("stdio inet dns", NULL) == -1)
+ err(1, "pledge");
+
/* Cruft to make sure options are clean, and used properly. */
if (argv[0] && !argv[1] && family == AF_UNIX) {
host = argv[0];
errx(1, "cannot use -c and -u");
if ((family == AF_UNIX) && usetls)
errx(1, "cannot use -c and -U");
+ if ((family == AF_UNIX) && Fflag)
+ errx(1, "cannot use -F and -U");
+ if (Fflag && usetls)
+ errx(1, "cannot use -c and -F");
if (TLSopt && !usetls)
errx(1, "you must specify -c to use TLS options");
if (Cflag && !usetls)
projects / openbsd / commitdiff