From ee59291b612d8b08eb2f596733bcdd2361809297 Mon Sep 17 00:00:00 2001 From: gilles Date: Tue, 13 Oct 2015 08:06:22 +0000 Subject: [PATCH] let the enqueuer pledge() in both online and offline modes ok deraadt@ --- usr.sbin/smtpd/enqueue.c | 10 ++++++++-- usr.sbin/smtpd/smtpctl.c | 6 +++++- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/usr.sbin/smtpd/enqueue.c b/usr.sbin/smtpd/enqueue.c index 7d8c3fd5d0f..a6fbd9df7a8 100644 --- a/usr.sbin/smtpd/enqueue.c +++ b/usr.sbin/smtpd/enqueue.c @@ -1,4 +1,4 @@ -/* $OpenBSD: enqueue.c,v 1.99 2015/10/12 21:32:27 millert Exp $ */ +/* $OpenBSD: enqueue.c,v 1.100 2015/10/13 08:06:22 gilles Exp $ */ /* * Copyright (c) 2005 Henning Brauer @@ -286,12 +286,18 @@ enqueue(int argc, char *argv[], FILE *ofp) /* check if working in offline mode */ /* If the server is not running, enqueue the message offline */ - if (!srv_connected()) + if (!srv_connected()) { + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); return (enqueue_offline(save_argc, save_argv, fp, ofp)); + } if ((msg.fd = open_connection()) == -1) errx(EX_UNAVAILABLE, "server too busy"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); + fout = fdopen(msg.fd, "a+"); if (fout == NULL) err(EX_UNAVAILABLE, "fdopen"); diff --git a/usr.sbin/smtpd/smtpctl.c b/usr.sbin/smtpd/smtpctl.c index 27e454eca39..725c66c4efd 100644 --- a/usr.sbin/smtpd/smtpctl.c +++ b/usr.sbin/smtpd/smtpctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: smtpctl.c,v 1.129 2015/10/12 07:58:19 deraadt Exp $ */ +/* $OpenBSD: smtpctl.c,v 1.130 2015/10/13 08:06:22 gilles Exp $ */ /* * Copyright (c) 2013 Eric Faurot @@ -931,6 +931,10 @@ main(int argc, char **argv) if (setresgid(gid, gid, gid) == -1) err(1, "setresgid"); + /* we'll reduce further down the road */ + if (pledge("stdio rpath tmppath getpw recvfd", NULL) == -1) + err(1, "pledge"); + sendmail = 1; return (enqueue(argc, argv, offlinefp)); } -- 2.20.1