From 38e30fa29e929ab4a65ee870c3f64ca0709ae154 Mon Sep 17 00:00:00 2001 From: deraadt Date: Sat, 17 Oct 2015 04:36:10 +0000 Subject: [PATCH] smtpd starts rather robustly with a gigantic pledge request group (keep in mind that a gigantic group is already < ~50% of POSIX). It then grinds these down bit by bit as it sets up privsep for the various processes. At startup, smtpd will need the new "id" request as well. ok gilles tedu --- usr.sbin/smtpd/smtpd.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/usr.sbin/smtpd/smtpd.c b/usr.sbin/smtpd/smtpd.c index d8222dbca86..3100b156ece 100644 --- a/usr.sbin/smtpd/smtpd.c +++ b/usr.sbin/smtpd/smtpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: smtpd.c,v 1.248 2015/10/16 20:54:55 gilles Exp $ */ +/* $OpenBSD: smtpd.c,v 1.249 2015/10/17 04:36:10 deraadt Exp $ */ /* * Copyright (c) 2008 Gilles Chehade @@ -690,7 +690,8 @@ main(int argc, char *argv[]) purge_task(); - if (pledge("stdio rpath wpath cpath flock tmppath getpw sendfd proc exec", NULL) == -1) + if (pledge("stdio rpath wpath cpath flock tmppath getpw sendfd proc exec id", + NULL) == -1) err(1, "pledge"); if (event_dispatch() < 0) -- 2.20.1