From: deraadt <deraadt@openbsd.org>
Date: Sun, 25 Oct 2015 08:07:31 +0000 (+0000)
Subject: pledge the main usage patterns similar to arp(8).  Some akkorokamui
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=496bea395f3ab8630a2b6a7e2f4ee23df0c5bb3b;p=openbsd

pledge the main usage patterns similar to arp(8).  Some akkorokamui
prevent doing this better, someone should try to refactor this more
like arp... also figure out what dawn-of-ipv6 options can be removed.
ok benno
---

diff --git a/usr.sbin/ndp/ndp.c b/usr.sbin/ndp/ndp.c
index 53e81bd7cfb..2d01ef48bdf 100644
--- a/usr.sbin/ndp/ndp.c
+++ b/usr.sbin/ndp/ndp.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ndp.c,v 1.64 2015/10/24 20:41:40 matthieu Exp $	*/
+/*	$OpenBSD: ndp.c,v 1.65 2015/10/25 08:07:31 deraadt Exp $	*/
 /*	$KAME: ndp.c,v 1.101 2002/07/17 08:46:33 itojun Exp $	*/
 
 /*
@@ -332,12 +332,18 @@ file(char *name)
 void
 getsocket(void)
 {
-	if (s < 0) {
-		s = socket(PF_ROUTE, SOCK_RAW, 0);
-		if (s < 0) {
-			err(1, "socket");
-			/* NOTREACHED */
-		}
+	if (s >= 0)
+		return;
+	s = socket(PF_ROUTE, SOCK_RAW, 0);
+	if (s < 0)
+		err(1, "socket");
+
+	if (nflag) {
+		if (pledge("stdio", NULL) == -1)
+			err(1, "pledge");
+	} else {
+		if (pledge("stdio dns", NULL) == -1)
+			err(1, "pledge");
 	}
 }
 
@@ -600,6 +606,14 @@ again:;
 		break;
 	}
 
+	if (nflag) {
+		if (pledge("stdio route", NULL) == -1)
+			err(1, "pledge");
+	} else {
+		if (pledge("stdio route dns", NULL) == -1)
+			err(1, "pledge");
+	}
+
 	for (next = buf; next && next < lim; next += rtm->rtm_msglen) {
 		int isrouter = 0, prbs = 0;
 
@@ -794,8 +808,8 @@ usage(void)
 {
 	printf("usage: ndp [-nrt] [-a | -c | -p] [-H | -P | -R] ");
 	printf("[-A wait] [-d hostname]\n");
-	printf("\t[-f filename] [-i interface [flag ...]]\n");
-	printf("\t[-s nodename etheraddr [temp] [proxy]] ");
+	printf("           [-f filename] [-i interface [flag ...]]\n");
+	printf("           [-s nodename etheraddr [temp] [proxy]] ");
 	printf("[-V rdomain] [hostname]\n");
 	exit(1);
 }