pledge(2)

Looks great! deraadt@
OK florian
OK remi@

diff --git a/usr.sbin/ospf6d/ospfe.c b/usr.sbin/ospf6d/ospfe.c
index d53ffbb..98e4240 100644 (file)
--- a/usr.sbin/ospf6d/ospfe.c
+++ b/usr.sbin/ospf6d/ospfe.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ospfe.c,v 1.51 2017/08/12 16:27:50 benno Exp $ */
+/*     $OpenBSD: ospfe.c,v 1.52 2018/07/10 21:21:56 friehm Exp $ */
 
 /*
  * Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org>
@@ -133,6 +133,9 @@ ospfe(struct ospfd_conf *xconf, int pipe_parent2ospfe[2], int pipe_ospfe2rde[2],
            setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
                fatal("can't drop privileges");
 
+       if (pledge("stdio inet mcast", NULL) == -1)
+               fatal("pledge");
+
        event_init();
        nbr_init(NBR_HASHSIZE);
        lsa_cache_init(LSA_HASHSIZE);

diff --git a/usr.sbin/ospf6d/rde.c b/usr.sbin/ospf6d/rde.c
index 68317d5..7e630e6 100644 (file)
--- a/usr.sbin/ospf6d/rde.c
+++ b/usr.sbin/ospf6d/rde.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: rde.c,v 1.76 2018/06/12 20:12:36 remi Exp $ */
+/*     $OpenBSD: rde.c,v 1.77 2018/07/10 21:21:56 friehm Exp $ */
 
 /*
  * Copyright (c) 2004, 2005 Claudio Jeker <claudio@openbsd.org>
@@ -156,6 +156,9 @@ rde(struct ospfd_conf *xconf, int pipe_parent2rde[2], int pipe_ospfe2rde[2],
            setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
                fatal("can't drop privileges");
 
+       if (pledge("stdio", NULL) == -1)
+               fatal("pledge");
+
        event_init();
        rde_nbr_init(NBR_HASHSIZE);
        lsa_init(&asext_tree);