From eb61d8899245f21f5990f95ddcb5a8b463669c66 Mon Sep 17 00:00:00 2001
From: deraadt <deraadt@openbsd.org>
Date: Wed, 7 Oct 2015 20:26:16 +0000
Subject: [PATCH] In theory, bgpd should be happy with tame "stdio unix route
 recvfd". Let's hear from people's experiences by commiting it.

---
 usr.sbin/bgpd/rde.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/bgpd/rde.c b/usr.sbin/bgpd/rde.c
index 40dd5b6a538..4d83e62cfeb 100644
--- a/usr.sbin/bgpd/rde.c
+++ b/usr.sbin/bgpd/rde.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rde.c,v 1.339 2015/09/21 09:47:15 phessler Exp $ */
+/*	$OpenBSD: rde.c,v 1.340 2015/10/07 20:26:16 deraadt Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -30,6 +30,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <err.h>
 
 #include "bgpd.h"
 #include "mrt.h"
@@ -186,6 +187,9 @@ rde_main(int debug, int verbose)
 	    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
 		fatal("can't drop privileges");
 
+	if (tame("stdio unix route recvfd", NULL) == -1)
+		fatal("tame");
+
 	signal(SIGTERM, rde_sighdlr);
 	signal(SIGINT, rde_sighdlr);
 	signal(SIGPIPE, SIG_IGN);
-- 
2.20.1