pledge() privileged process

author gilles <gilles@openbsd.org>

Wed, 14 Oct 2015 19:56:58 +0000 (19:56 +0000)

committer gilles <gilles@openbsd.org>

Wed, 14 Oct 2015 19:56:58 +0000 (19:56 +0000)
author gilles <gilles@openbsd.org>
Wed, 14 Oct 2015 19:56:58 +0000 (19:56 +0000)
committer gilles <gilles@openbsd.org>
Wed, 14 Oct 2015 19:56:58 +0000 (19:56 +0000)
diff --git a/usr.sbin/smtpd/smtpd.c b/usr.sbin/smtpd/smtpd.c

index 4bf1af4..099cd59 100644 (file)
--- a/usr.sbin/smtpd/smtpd.c
+++ b/usr.sbin/smtpd/smtpd.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: smtpd.c,v 1.246 2015/10/14 09:14:11 sunil Exp $       */
+/*     $OpenBSD: smtpd.c,v 1.247 2015/10/14 19:56:58 gilles Exp $      */
  
  /*
   * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -690,6 +690,9 @@ main(int argc, char *argv[])
  
         purge_task();
  
+       if (pledge("stdio rpath wpath cpath tmppath getpw sendfd proc exec", NULL) == -1)
+               err(1, "pledge");
+       
         if (event_dispatch() < 0)
                 fatal("smtpd: event_dispatch");
author	gilles <gilles@openbsd.org>
	Wed, 14 Oct 2015 19:56:58 +0000 (19:56 +0000)
committer	gilles <gilles@openbsd.org>
	Wed, 14 Oct 2015 19:56:58 +0000 (19:56 +0000)