portmap's main process can be tame "stdio rpath inet proc"; proc is

for the callit interface needing to fork, and parent needing to wait.
that child can drop to "stdio rpath inet".

It is possible some libc/rpc codepath has not yet been figured out, but
commiting it is the best way to get it tested. Tested what I could myself,
but noone answered my call for testing...

diff --git a/usr.sbin/portmap/portmap.c b/usr.sbin/portmap/portmap.c
index c5bf395..4259e35 100644 (file)
--- a/usr.sbin/portmap/portmap.c
+++ b/usr.sbin/portmap/portmap.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: portmap.c,v 1.45 2015/09/13 15:44:47 guenther Exp $   */
+/*     $OpenBSD: portmap.c,v 1.46 2015/10/08 14:02:09 deraadt Exp $    */
 
 /*-
  * Copyright (c) 1996, 1997 Theo de Raadt (OpenBSD). All rights reserved.
@@ -246,6 +246,9 @@ main(int argc, char *argv[])
        }
        endpwent();
 
+       if (tame("stdio rpath inet proc", NULL) == -1)
+               err(1, "tame");
+
        if (svc_register(xprt, PMAPPROG, PMAPVERS, reg_service, FALSE) == 0) {
                syslog(LOG_ERR, "svc_register failed.");
                exit(1);
@@ -604,6 +607,10 @@ callit(struct svc_req *rqstp, SVCXPRT *xprt)
                            a.rmt_prog);
                return;
        }
+
+       if (tame("stdio rpath inet", NULL) == -1)
+               err(1, "tame");
+
        port = pml->pml_map.pm_port;
        get_myaddress(&me);
        me.sin_port = htons(port);