tame "stdio inet cmsg" should work well in the session engine.

author deraadt <deraadt@openbsd.org>

Mon, 5 Oct 2015 16:16:41 +0000 (16:16 +0000)

committer deraadt <deraadt@openbsd.org>

Mon, 5 Oct 2015 16:16:41 +0000 (16:16 +0000)
author deraadt <deraadt@openbsd.org>
Mon, 5 Oct 2015 16:16:41 +0000 (16:16 +0000)
committer deraadt <deraadt@openbsd.org>
Mon, 5 Oct 2015 16:16:41 +0000 (16:16 +0000)
diff --git a/usr.sbin/bgpd/session.c b/usr.sbin/bgpd/session.c

index 61d3356..bd725af 100644 (file)
--- a/usr.sbin/bgpd/session.c
+++ b/usr.sbin/bgpd/session.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: session.c,v 1.340 2015/08/04 14:46:38 phessler Exp $ */
+/*     $OpenBSD: session.c,v 1.341 2015/10/05 16:16:41 deraadt Exp $ */
  
  /*
   * Copyright (c) 2003, 2004, 2005 Henning Brauer <henning@openbsd.org>
@@ -219,6 +219,9 @@ session_main(int debug, int verbose)
             setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
                 fatal("can't drop privileges");
  
+       if (tame("stdio inet cmsg", NULL) == -1)
+               err(1, "tame");
+
         signal(SIGTERM, session_sighdlr);
         signal(SIGINT, session_sighdlr);
         signal(SIGPIPE, SIG_IGN);
author	deraadt <deraadt@openbsd.org>
	Mon, 5 Oct 2015 16:16:41 +0000 (16:16 +0000)
committer	deraadt <deraadt@openbsd.org>
	Mon, 5 Oct 2015 16:16:41 +0000 (16:16 +0000)