authorJonathan Matthew <jmatthew@cvs.openbsd.org>2015-11-15 01:31:58 +0000
committerJonathan Matthew <jmatthew@cvs.openbsd.org>2015-11-15 01:31:58 +0000
commit2fde2f7e9ee4be054f5a8fcc1121309f8daaac31 (patch)
tree7b039e4be59651c8ed398127640972f982e2c25c
parentb8b7f40768251382a7ea30f00daa778c34969a20 (diff)
pledge for ypldap is easy because it's purely a network program.
One process talks to yp clients, one talks to ldap servers, one does dns. ok deraadt@
-rw-r--r--usr.sbin/ypldap/ldapclient.c5
-rw-r--r--usr.sbin/ypldap/ypldap.c5
-rw-r--r--usr.sbin/ypldap/ypldap_dns.c5
3 files changed, 12 insertions, 3 deletions
diff --git a/usr.sbin/ypldap/ldapclient.c b/usr.sbin/ypldap/ldapclient.c
index 3cb1a0701f3..07388d53772 100644
--- a/usr.sbin/ypldap/ldapclient.c
+++ b/usr.sbin/ypldap/ldapclient.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ldapclient.c,v 1.32 2015/01/16 06:40:22 deraadt Exp $ */
+/* $OpenBSD: ldapclient.c,v 1.33 2015/11/15 01:31:57 jmatthew Exp $ */
/*
* Copyright (c) 2008 Alexander Schrijver <aschrijver@openbsd.org>
@@ -404,6 +404,9 @@ ldapclient(int pipe_main2client[2])
#warning disabling privilege revocation in DEBUG mode
#endif
+ if (pledge("stdio inet", NULL) == -1)
+ fatal("pledge");
+
event_init();
signal(SIGPIPE, SIG_IGN);
signal_set(&ev_sigint, SIGINT, client_sig_handler, NULL);
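Review bot: Neither promise in `pledge("stdio inet", NULL)` is explained at the call in ldapclient(), and the same holds for the `stdio inet` call in ypldap.c main() and the `stdio dns` call in ypldap_dns(). A one-line comment at each site would let a later reviewer check the promise set against what the process actually does, for example `/* stdio: pipe to the parent and event loop; inet: sockets to the LDAP servers */` here. Note that `inet` also permits bind/listen/accept, not only outbound connects, so a compromised LDAP client could still open arbitrary internet sockets; pledge offers no narrower promise, but the comment can record that residual exposure. ldapclient()'s body starts and ends outside this hunk.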
diff --git a/usr.sbin/ypldap/ypldap.c b/usr.sbin/ypldap/ypldap.c
index 327a78315ae..331b6b0d08a 100644
--- a/usr.sbin/ypldap/ypldap.c
+++ b/usr.sbin/ypldap/ypldap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ypldap.c,v 1.16 2015/11/02 10:06:06 jmatthew Exp $ */
+/* $OpenBSD: ypldap.c,v 1.17 2015/11/15 01:31:57 jmatthew Exp $ */
/*
* Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -608,6 +608,9 @@ main(int argc, char *argv[])
#warning disabling privilege revocation in debug mode
#endif
+ if (pledge("stdio inet", NULL) == -1)
+ fatal("pledge");
+
bzero(&tv, sizeof(tv));
evtimer_set(&ev_timer, main_init_timer, &env);
evtimer_add(&ev_timer, &tv);
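Review bot: Everything the parent does from `main_init_timer` onward runs under `stdio inet`, because the pledge in main() is installed just before the timer is armed, so a later path that opens a file or forks would abort the daemon at runtime rather than fail at build time. The hunk does not show such a path, so this is a request to confirm there is none, in particular in signal-driven code such as a configuration reload if one exists. A comment such as `/* pledged: no file access, fork or exec past this point */` would make the constraint visible to whoever extends main() next. The call sits after the `#endif` that closes the debug-mode block, so it presumably also applies in DEBUG builds, where the warning says privilege revocation is disabled and pledge would be the main remaining restriction. main()'s body starts and ends outside this hunk.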
diff --git a/usr.sbin/ypldap/ypldap_dns.c b/usr.sbin/ypldap/ypldap_dns.c
index 24483861715..368af3742c4 100644
--- a/usr.sbin/ypldap/ypldap_dns.c
+++ b/usr.sbin/ypldap/ypldap_dns.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ypldap_dns.c,v 1.8 2015/01/16 06:40:22 deraadt Exp $ */
+/* $OpenBSD: ypldap_dns.c,v 1.9 2015/11/15 01:31:57 jmatthew Exp $ */
/*
* Copyright (c) 2003-2008 Henning Brauer <henning@openbsd.org>
@@ -96,6 +96,9 @@ ypldap_dns(int pipe_ntp[2], struct passwd *pw)
fatal("can't drop privileges");
endservent();
+ if (pledge("stdio dns", NULL) == -1)
+ fatal("pledge");
+
event_init();
signal_set(&ev_sigint, SIGINT, dns_sig_handler, NULL);
signal_set(&ev_sigterm, SIGTERM, dns_sig_handler, NULL);