child can be pledged down a bit to just sockets and io

author tedu <tedu@openbsd.org>

Thu, 15 Oct 2015 19:49:22 +0000 (19:49 +0000)

committer tedu <tedu@openbsd.org>

Thu, 15 Oct 2015 19:49:22 +0000 (19:49 +0000)
author tedu <tedu@openbsd.org>
Thu, 15 Oct 2015 19:49:22 +0000 (19:49 +0000)
committer tedu <tedu@openbsd.org>
Thu, 15 Oct 2015 19:49:22 +0000 (19:49 +0000)
diff --git a/usr.sbin/rebound/rebound.c b/usr.sbin/rebound/rebound.c

index 0a670a1..52be698 100644 (file)
--- a/usr.sbin/rebound/rebound.c
+++ b/usr.sbin/rebound/rebound.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rebound.c,v 1.1 2015/10/15 19:43:30 tedu Exp $ */
+/* $OpenBSD: rebound.c,v 1.2 2015/10/15 19:49:22 tedu Exp $ */
  /*
   * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
   *
@@ -326,6 +326,11 @@ launch(const char *confname, int ud, int ld, int kq)
  
         close(kq);
  
+       if (pledge("stdio inet", NULL) == -1) {
+               logmsg(LOG_DAEMON | LOG_ERR, "pledge failed");
+               exit(1);
+       }
+
         af = readconfig(conf, &remoteaddr);
         fclose(conf);
         if (af == -1) {
author	tedu <tedu@openbsd.org>
	Thu, 15 Oct 2015 19:49:22 +0000 (19:49 +0000)
committer	tedu <tedu@openbsd.org>
	Thu, 15 Oct 2015 19:49:22 +0000 (19:49 +0000)