From: bluhm <bluhm@openbsd.org>
Date: Fri, 16 Oct 2015 16:10:10 +0000 (+0000)
Subject: Pledge the syslogd privsep process with "stdio rpath wpath cpath
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=c9ec0abe94e8a66cea008ed1a5f4d5b477e78bcf;p=openbsd

Pledge the syslogd privsep process with "stdio rpath wpath cpath
inet dns getpw sendfd proc exec".
OK deraadt@
---

diff --git a/usr.sbin/syslogd/privsep.c b/usr.sbin/syslogd/privsep.c
index 94f6b2ad4f1..4487650e88d 100644
--- a/usr.sbin/syslogd/privsep.c
+++ b/usr.sbin/syslogd/privsep.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: privsep.c,v 1.56 2015/10/15 20:26:47 bluhm Exp $	*/
+/*	$OpenBSD: privsep.c,v 1.57 2015/10/16 16:10:10 bluhm Exp $	*/
 
 /*
  * Copyright (c) 2003 Anil Madhavapeddy <anil@recoil.org>
@@ -144,6 +144,10 @@ priv_init(char *conf, int numeric, int lockfd, int nullfd, char *argv[])
 		return 0;
 	}
 
+	if (pledge("stdio rpath wpath cpath inet dns getpw sendfd proc exec",
+	    NULL) == -1)
+		err(1, "pledge priv");
+
 	if (!Debug) {
 		close(lockfd);
 		dup2(nullfd, STDIN_FILENO);