From: friehm <friehm@openbsd.org>
Date: Tue, 10 Jul 2018 21:21:56 +0000 (+0000)
Subject: pledge(2)
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=b165ff272f358c6ce78cfdf0c0a8f992f9ec31db;p=openbsd

pledge(2)

Looks great! deraadt@
OK florian
OK remi@
---

diff --git a/usr.sbin/ospf6d/ospfe.c b/usr.sbin/ospf6d/ospfe.c
index d53ffbbf723..98e42409a07 100644
--- a/usr.sbin/ospf6d/ospfe.c
+++ b/usr.sbin/ospf6d/ospfe.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ospfe.c,v 1.51 2017/08/12 16:27:50 benno Exp $ */
+/*	$OpenBSD: ospfe.c,v 1.52 2018/07/10 21:21:56 friehm Exp $ */
 
 /*
  * Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org>
@@ -133,6 +133,9 @@ ospfe(struct ospfd_conf *xconf, int pipe_parent2ospfe[2], int pipe_ospfe2rde[2],
 	    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
 		fatal("can't drop privileges");
 
+	if (pledge("stdio inet mcast", NULL) == -1)
+		fatal("pledge");
+
 	event_init();
 	nbr_init(NBR_HASHSIZE);
 	lsa_cache_init(LSA_HASHSIZE);
diff --git a/usr.sbin/ospf6d/rde.c b/usr.sbin/ospf6d/rde.c
index 68317d54661..7e630e6ed4e 100644
--- a/usr.sbin/ospf6d/rde.c
+++ b/usr.sbin/ospf6d/rde.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rde.c,v 1.76 2018/06/12 20:12:36 remi Exp $ */
+/*	$OpenBSD: rde.c,v 1.77 2018/07/10 21:21:56 friehm Exp $ */
 
 /*
  * Copyright (c) 2004, 2005 Claudio Jeker <claudio@openbsd.org>
@@ -156,6 +156,9 @@ rde(struct ospfd_conf *xconf, int pipe_parent2rde[2], int pipe_ospfe2rde[2],
 	    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
 		fatal("can't drop privileges");
 
+	if (pledge("stdio", NULL) == -1)
+		fatal("pledge");
+
 	event_init();
 	rde_nbr_init(NBR_HASHSIZE);
 	lsa_init(&asext_tree);