Once the constraint engine process is running, it only needs

author deraadt <deraadt@openbsd.org>

Fri, 9 Oct 2015 03:50:40 +0000 (03:50 +0000)

committer deraadt <deraadt@openbsd.org>

Fri, 9 Oct 2015 03:50:40 +0000 (03:50 +0000)
author deraadt <deraadt@openbsd.org>
Fri, 9 Oct 2015 03:50:40 +0000 (03:50 +0000)
committer deraadt <deraadt@openbsd.org>
Fri, 9 Oct 2015 03:50:40 +0000 (03:50 +0000)
diff --git a/usr.sbin/ntpd/constraint.c b/usr.sbin/ntpd/constraint.c

index cf92441..8fc2cca 100644 (file)
--- a/usr.sbin/ntpd/constraint.c
+++ b/usr.sbin/ntpd/constraint.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: constraint.c,v 1.17 2015/09/10 13:49:48 beck Exp $    */
+/*     $OpenBSD: constraint.c,v 1.18 2015/10/09 03:50:40 deraadt Exp $ */
  
  /*
   * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@@ -38,6 +38,7 @@
  #include <unistd.h>
  #include <time.h>
  #include <tls.h>
+#include <err.h>
  
  #include "log.h"
  #include "ntpd.h"
@@ -197,6 +198,9 @@ constraint_query(struct constraint *cstr)
         case 0:
                 setproctitle("constraint from %s", hname);
  
+               if (pledge("stdio inet", NULL) == -1)
+                       err(1, "pledge");
+
                 /* Child process */
                 if (dup2(pipes[1], CONSTRAINT_PASSFD) == -1)
                         fatal("%s dup2 CONSTRAINT_PASSFD", __func__);
author	deraadt <deraadt@openbsd.org>
	Fri, 9 Oct 2015 03:50:40 +0000 (03:50 +0000)
committer	deraadt <deraadt@openbsd.org>
	Fri, 9 Oct 2015 03:50:40 +0000 (03:50 +0000)