From 350a56c6d0b3f4e22d3e31f240aba375864da78d Mon Sep 17 00:00:00 2001 From: deraadt Date: Tue, 6 Oct 2015 15:39:44 +0000 Subject: [PATCH] Move from tame "cmsg" to tame "sendfd" or "recvfd", depending on which way the process moves fd's. --- usr.bin/file/file.c | 6 +++--- usr.sbin/bgpd/session.c | 4 ++-- usr.sbin/tcpdump/privsep.c | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/usr.bin/file/file.c b/usr.bin/file/file.c index f6e13e9bca1..1ac228c3f91 100644 --- a/usr.bin/file/file.c +++ b/usr.bin/file/file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: file.c,v 1.50 2015/10/05 06:23:34 deraadt Exp $ */ +/* $OpenBSD: file.c,v 1.51 2015/10/06 15:39:44 deraadt Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott @@ -351,7 +351,7 @@ child(int fd, pid_t parent, int argc, char **argv) int i, idx; size_t len, width = 0; - if (tame("stdio cmsg getpw proc", NULL) == -1) + if (tame("stdio getpw proc recvfd", NULL) == -1) err(1, "tame"); if (geteuid() == 0) { @@ -366,7 +366,7 @@ child(int fd, pid_t parent, int argc, char **argv) err(1, "setresuid"); } - if (tame("stdio cmsg", NULL) == -1) + if (tame("stdio recvfd", NULL) == -1) err(1, "tame"); m = magic_load(magicfp, magicpath, cflag || Wflag); diff --git a/usr.sbin/bgpd/session.c b/usr.sbin/bgpd/session.c index bd725af0b66..7ba006a5c9d 100644 --- a/usr.sbin/bgpd/session.c +++ b/usr.sbin/bgpd/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.341 2015/10/05 16:16:41 deraadt Exp $ */ +/* $OpenBSD: session.c,v 1.342 2015/10/06 15:39:44 deraadt Exp $ */ /* * Copyright (c) 2003, 2004, 2005 Henning Brauer @@ -219,7 +219,7 @@ session_main(int debug, int verbose) setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) fatal("can't drop privileges"); - if (tame("stdio inet cmsg", NULL) == -1) + if (tame("stdio inet recvfd", NULL) == -1) err(1, "tame"); signal(SIGTERM, session_sighdlr); diff --git a/usr.sbin/tcpdump/privsep.c b/usr.sbin/tcpdump/privsep.c index dc1ab16392b..c57053e68ef 100644 --- a/usr.sbin/tcpdump/privsep.c +++ b/usr.sbin/tcpdump/privsep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: privsep.c,v 1.36 2015/10/03 00:51:08 deraadt Exp $ */ +/* $OpenBSD: privsep.c,v 1.37 2015/10/06 15:39:44 deraadt Exp $ */ /* * Copyright (c) 2003 Can Erkin Acar @@ -281,7 +281,7 @@ priv_init(int argc, char **argv) case PRIV_INIT_DONE: test_state(cmd, STATE_RUN); impl_init_done(socks[0], &bpfd); - if (tame("malloc cmsg inet ioctl dns rpath", NULL) == -1) + if (tame("stdio rpath inet unix ioctl dns recvfd", NULL) == -1) err(1, "tame"); break; case PRIV_GETHOSTBYADDR: -- 2.20.1