From: gilles <gilles@openbsd.org>
Date: Wed, 14 Oct 2015 19:39:16 +0000 (+0000)
Subject: pledge() pony and lookup
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=a8c16586bfbc9aaf716e1cac453aa5dd25094330;p=openbsd

pledge() pony and lookup

ok deraadt@
---

diff --git a/usr.sbin/smtpd/lka.c b/usr.sbin/smtpd/lka.c
index eacbc0549c6..fd127ad2270 100644
--- a/usr.sbin/smtpd/lka.c
+++ b/usr.sbin/smtpd/lka.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: lka.c,v 1.176 2015/10/02 00:28:30 gilles Exp $	*/
+/*	$OpenBSD: lka.c,v 1.177 2015/10/14 19:39:16 gilles Exp $	*/
 
 /*
  * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -514,6 +514,9 @@ lka(void)
 	/* Ignore them until we get our config */
 	mproc_disable(p_pony);
 
+	if (pledge("stdio rpath inet dns getpw recvfd", NULL) == -1)
+		err(1, "pledge");
+
 	if (event_dispatch() < 0)
 		fatal("event_dispatch");
 	lka_shutdown();
diff --git a/usr.sbin/smtpd/pony.c b/usr.sbin/smtpd/pony.c
index 0b049867ccb..ca12d0592b0 100644
--- a/usr.sbin/smtpd/pony.c
+++ b/usr.sbin/smtpd/pony.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pony.c,v 1.7 2015/01/20 17:37:54 deraadt Exp $	*/
+/*	$OpenBSD: pony.c,v 1.8 2015/10/14 19:39:16 gilles Exp $	*/
 
 /*
  * Copyright (c) 2014 Gilles Chehade <gilles@poolp.org>
@@ -215,6 +215,9 @@ pony(void)
 
 	ca_engine_init();
 
+	if (pledge("stdio inet unix recvfd sendfd", NULL) == -1)
+		err(1, "pledge");
+
 	if (event_dispatch() < 0)
 		fatal("event_dispatch");
 	pony_shutdown();