From: benno Date: Sat, 10 Oct 2015 00:16:23 +0000 (+0000) Subject: relayd's ca process pledges to only use stdio. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=9d396bfedba43c4186d0765460ea2457711c3e6d;p=openbsd relayd's ca process pledges to only use stdio. ok deraadt@ --- diff --git a/usr.sbin/relayd/ca.c b/usr.sbin/relayd/ca.c index 81f9971771d..977151b0b6e 100644 --- a/usr.sbin/relayd/ca.c +++ b/usr.sbin/relayd/ca.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ca.c,v 1.13 2015/05/02 13:15:24 claudio Exp $ */ +/* $OpenBSD: ca.c,v 1.14 2015/10/10 00:16:23 benno Exp $ */ /* * Copyright (c) 2014 Reyk Floeter @@ -73,6 +73,9 @@ ca(struct privsep *ps, struct privsep_proc *p) void ca_init(struct privsep *ps, struct privsep_proc *p, void *arg) { + if (pledge("stdio", NULL) == -1) + fatal("pledge"); + if (config_init(ps->ps_env) == -1) fatal("failed to initialize configuration");