Pledge the syslogd privsep process with "stdio rpath wpath cpath

author bluhm <bluhm@openbsd.org>

Fri, 16 Oct 2015 16:10:10 +0000 (16:10 +0000)

committer bluhm <bluhm@openbsd.org>

Fri, 16 Oct 2015 16:10:10 +0000 (16:10 +0000)
author bluhm <bluhm@openbsd.org>
Fri, 16 Oct 2015 16:10:10 +0000 (16:10 +0000)
committer bluhm <bluhm@openbsd.org>
Fri, 16 Oct 2015 16:10:10 +0000 (16:10 +0000)
diff --git a/usr.sbin/syslogd/privsep.c b/usr.sbin/syslogd/privsep.c

index 94f6b2a..4487650 100644 (file)
--- a/usr.sbin/syslogd/privsep.c
+++ b/usr.sbin/syslogd/privsep.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: privsep.c,v 1.56 2015/10/15 20:26:47 bluhm Exp $      */
+/*     $OpenBSD: privsep.c,v 1.57 2015/10/16 16:10:10 bluhm Exp $      */
  
  /*
   * Copyright (c) 2003 Anil Madhavapeddy <anil@recoil.org>
@@ -144,6 +144,10 @@ priv_init(char *conf, int numeric, int lockfd, int nullfd, char *argv[])
                 return 0;
         }
  
+       if (pledge("stdio rpath wpath cpath inet dns getpw sendfd proc exec",
+           NULL) == -1)
+               err(1, "pledge priv");
+
         if (!Debug) {
                 close(lockfd);
                 dup2(nullfd, STDIN_FILENO);
author	bluhm <bluhm@openbsd.org>
	Fri, 16 Oct 2015 16:10:10 +0000 (16:10 +0000)
committer	bluhm <bluhm@openbsd.org>
	Fri, 16 Oct 2015 16:10:10 +0000 (16:10 +0000)