From a5a6694e7f11def68ef57a5cdb05ee2daa53eb2f Mon Sep 17 00:00:00 2001
From: renato
Date: Sat, 10 Oct 2015 05:12:33 +0000
Subject: [PATCH] Make use of pledge(2). ok deraadt
---
 usr.sbin/eigrpd/eigrpd.c | 5 ++++-
 usr.sbin/eigrpd/eigrpe.c | 5 ++++-
 usr.sbin/eigrpd/rde.c | 5 ++++-
 3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/usr.sbin/eigrpd/eigrpd.c b/usr.sbin/eigrpd/eigrpd.c
index 6d4191bb003..64658969337 100644
--- a/usr.sbin/eigrpd/eigrpd.c
+++ b/usr.sbin/eigrpd/eigrpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eigrpd.c,v 1.1 2015/10/02 04:26:47 renato Exp $ */
+/* $OpenBSD: eigrpd.c,v 1.2 2015/10/10 05:12:33 renato Exp $ */
 /*
 * Copyright (c) 2015 Renato Westphal
@@ -275,6 +275,9 @@ main(int argc, char *argv[])
 eigrpd_conf->rdomain) == -1)
 fatalx("kr_init failed");
+ if (pledge("stdio proc", NULL) == -1)
+ fatal("pledge");
+
 event_dispatch();
 eigrpd_shutdown();
diff --git a/usr.sbin/eigrpd/eigrpe.c b/usr.sbin/eigrpd/eigrpe.c
index e0fbc4a2916..eb515a7dc23 100644
--- a/usr.sbin/eigrpd/eigrpe.c
+++ b/usr.sbin/eigrpd/eigrpe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: eigrpe.c,v 1.4 2015/10/10 05:09:19 renato Exp $ */
+/* $OpenBSD: eigrpe.c,v 1.5 2015/10/10 05:12:33 renato Exp $ */
 /*
 * Copyright (c) 2015 Renato Westphal
@@ -190,6 +190,9 @@ eigrpe(struct eigrpd_conf *xconf, int pipe_parent2eigrpe[2], int pipe_eigrpe2rde
 TAILQ_FOREACH(iface, &econf->iface_list, entry)
 if_init(xconf, iface);
+ if (pledge("stdio inet mcast", NULL) == -1)
+ fatal("pledge");
+
 event_dispatch();
 eigrpe_shutdown();
diff --git a/usr.sbin/eigrpd/rde.c b/usr.sbin/eigrpd/rde.c
index 704231af6fe..6cc10589ad5 100644
--- a/usr.sbin/eigrpd/rde.c
+++ b/usr.sbin/eigrpd/rde.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rde.c,v 1.3 2015/10/05 01:59:33 renato Exp $ */
+/* $OpenBSD: rde.c,v 1.4 2015/10/10 05:12:33 renato Exp $ */
 /*
 * Copyright (c) 2015 Renato Westphal
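Review bot: In eigrpd.c's main(), nothing records why `"stdio proc"` is sufficient for the parent, which has just called kr_init() and keeps running handlers from event_dispatch(). A pledge violation terminates the process rather than returning an error, so any later path in the parent that opens a file or socket (a configuration reload, or a kernel-route operation needing more than I/O on descriptors kr_init() already opened) would take the daemon down; whether such a path exists cannot be confirmed from the lines shown. I would add a comment above the call, e.g. `/* parent: I/O on already-open descriptors only; "proc" to signal the child processes */` (the reason for "proc" is presumed here and should be confirmed by the author). main() begins and ends outside the hunk.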
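Review bot: In eigrpe.c the pledge is applied only after the if_init() loop, so `"stdio inet mcast"` covers what the engine needs while running, not what if_init() itself needed. If the engine can initialise an interface after startup (not visible in this hunk), that path has to fit within the inet and mcast promises or the process is aborted. A comment such as `/* all interfaces initialised; from here only socket I/O and multicast membership changes */` would record that assumption. With "inet" retained, the residual exposure of this process is network access on AF_INET/AF_INET6 sockets rather than filesystem access, which is worth stating for whoever audits the privilege separation. eigrpe() starts and ends outside the hunk.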
@@ -107,6 +107,9 @@ rde(struct eigrpd_conf *xconf, int pipe_parent2rde[2], int pipe_eigrpe2rde[2],
 setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
 fatal("can't drop privileges");
+ if (pledge("stdio", NULL) == -1)
+ fatal("pledge");
+
 event_init();
 /* setup signal handler */
--
2.20.1
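Review bot: In rde.c the call sits before event_init() and the signal-handler setup, unlike eigrpd.c and eigrpe.c where it comes immediately before event_dispatch(), so everything that follows in rde() must work with `"stdio"` alone. That is the tightest placement, directly after the privilege drop, and it deserves a comment such as `/* RDE only uses the inherited pipes; no new descriptors after this point */` (assuming that is the intent). If descriptor passing over imsg is ever added to this process, the string would need "recvfd" as well. The privilege-drop condition begins above the hunk and rde() continues below it.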