diff options
| author | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2024-02-06 05:39:29 +0000 |
|---|---|---|
| committer | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2024-02-06 05:39:29 +0000 |
| commit | 3168c09e3e7edeeba13d7cb07c50588fd8c2292a (patch) | |
| tree | 2ce7f132af93e1679b65ea20a93d64550e0ec37c | |
| parent | ca0904ad2d7c6efb82a3c539edfff8ec56f2b8c4 (diff) | |
Tweak previous. Passing "dns" to pledge(2) is suitable for the purpose.
input deraadt, ok tobhe
| -rw-r--r-- | sbin/ipsecctl/ipsecctl.c | 15 |
1 files changed, 5 insertions, 10 deletions
diff --git a/sbin/ipsecctl/ipsecctl.c b/sbin/ipsecctl/ipsecctl.c index 197e143d7f9..085a3b51f01 100644 --- a/sbin/ipsecctl/ipsecctl.c +++ b/sbin/ipsecctl/ipsecctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsecctl.c,v 1.87 2024/01/29 00:59:54 yasuoka Exp $ */ +/* $OpenBSD: ipsecctl.c,v 1.88 2024/02/06 05:39:28 yasuoka Exp $ */ /* * Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org> * @@ -706,11 +706,7 @@ ipsecctl_show(int opts) } } - /* open /etc/{services,protocols} before pledge(2) */ - setservent(1); - setprotoent(1); - - if (pledge("stdio", NULL) == -1) + if (pledge("stdio dns", NULL) == -1) err(1, "pledge"); if (rbuf != NULL) { @@ -751,6 +747,9 @@ ipsecctl_show(int opts) printf("No flows\n"); } + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); + if (sbuf != NULL) { if (opts & IPSECCTL_OPT_SHOWALL) ipsecctl_print_title("SAD:"); @@ -785,10 +784,6 @@ ipsecctl_show(int opts) ipsecctl_print_title("SAD:"); printf("No entries\n"); } - - /* close /etc/{services,protocols} */ - endservent(); - endprotoent(); } int |