From 4ecd42c0f02778a2fd2482a7dd1be802d96dc9de Mon Sep 17 00:00:00 2001
From: yasuoka
Date: Tue, 6 Feb 2024 05:39:28 +0000
Subject: [PATCH] Tweak previous. Passing "dns" to pledge(2) is suitable for the purpose. input deraadt, ok tobhe
---
 sbin/ipsecctl/ipsecctl.c | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)
diff --git a/sbin/ipsecctl/ipsecctl.c b/sbin/ipsecctl/ipsecctl.c
index 197e143d7f9..085a3b51f01 100644
--- a/sbin/ipsecctl/ipsecctl.c
+++ b/sbin/ipsecctl/ipsecctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecctl.c,v 1.87 2024/01/29 00:59:54 yasuoka Exp $ */
+/* $OpenBSD: ipsecctl.c,v 1.88 2024/02/06 05:39:28 yasuoka Exp $ */
 /*
 * Copyright (c) 2004, 2005 Hans-Joerg Hoexer
 *
@@ -706,11 +706,7 @@ ipsecctl_show(int opts)
 }
 }

- /* open /etc/{services,protocols} before pledge(2) */
- setservent(1);
- setprotoent(1);
-
- if (pledge("stdio", NULL) == -1)
+ if (pledge("stdio dns", NULL) == -1)
 err(1, "pledge");

 if (rbuf != NULL) {
@@ -751,6 +747,9 @@ ipsecctl_show(int opts)
 printf("No flows\n");
 }

+ if (pledge("stdio", NULL) == -1)
+ err(1, "pledge");
+
 if (sbuf != NULL) {
 if (opts & IPSECCTL_OPT_SHOWALL)
 ipsecctl_print_title("SAD:");
@@ -785,10 +784,6 @@ ipsecctl_show(int opts)
 ipsecctl_print_title("SAD:");
 printf("No entries\n");
 }
-
- /* close /etc/{services,protocols} */
- endservent();
- endprotoent();
 }

 int
--
2.20.1
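Review bot: The `pledge("stdio dns", NULL)` call in the second hunk carries no comment, although the comment it replaces was the only place that explained why /etc/{services,protocols} must stay reachable at this point. Per pledge(2), "dns" also permits resolver network activity rather than just those two files, so the wider promise should be justified where it is made and visibly tied to the later reduction. I would add above the call `/* "dns" keeps /etc/{services,protocols} readable for name lookups while flows are printed; reduced to "stdio" afterwards */`. The lookups themselves are presumably in the flow-printing code, which is outside this hunk, as is the start of ipsecctl_show.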
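Review bot: Dropping to `pledge("stdio", NULL)` ahead of the SAD block in the third hunk changes what that block is allowed to do: the old code kept the services and protocols databases open until the end of ipsecctl_show, so a name lookup during SA printing used to work and would now run against the reduced promise set. The SA printing code is not visible in this hunk, so it is worth confirming that it resolves no service or protocol names before relying on the tighter pledge. A comment on the new call would record that intent, for example `/* SAD output needs no name lookups; reduce to "stdio" */`.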