From: tedu Date: Thu, 15 Oct 2015 19:49:22 +0000 (+0000) Subject: child can be pledged down a bit to just sockets and io X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=aa5937787c4b0635f20441b57e6e40035effe107;p=openbsd child can be pledged down a bit to just sockets and io --- diff --git a/usr.sbin/rebound/rebound.c b/usr.sbin/rebound/rebound.c index 0a670a16333..52be698b1c2 100644 --- a/usr.sbin/rebound/rebound.c +++ b/usr.sbin/rebound/rebound.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rebound.c,v 1.1 2015/10/15 19:43:30 tedu Exp $ */ +/* $OpenBSD: rebound.c,v 1.2 2015/10/15 19:49:22 tedu Exp $ */ /* * Copyright (c) 2015 Ted Unangst * @@ -326,6 +326,11 @@ launch(const char *confname, int ud, int ld, int kq) close(kq); + if (pledge("stdio inet", NULL) == -1) { + logmsg(LOG_DAEMON | LOG_ERR, "pledge failed"); + exit(1); + } + af = readconfig(conf, &remoteaddr); fclose(conf); if (af == -1) {