After calling getaddrinfo(3) both on rfc868 and ntp cases we can drop the "dns"

promise and only pledge("stdio inet") since from here until the end of the
program we will only exchange packets through sockets.

After a discussion with deraadt@ about adding privdrop to it we came to the
conclusion that the easiest and sane solution is just to reduce pledge(2)
instead of adding a ton of code to chroot the child that is already forbidden
to access the filesystem anyway.

2 files changed, 8 insertions, 2 deletions

diff --git a/usr.sbin/rdate/ntp.c b/usr.sbin/rdate/ntp.c
index 688436ac4de..547bdd98e53 100644
--- a/usr.sbin/rdate/ntp.c
+++ b/usr.sbin/rdate/ntp.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ntp.c,v 1.33 2015/01/16 06:40:20 deraadt Exp $	*/
+/*	$OpenBSD: ntp.c,v 1.34 2018/08/18 15:25:20 mestre Exp $	*/
 
 /*
  * Copyright (c) 1996, 1997 by N.M. Maclaren. All rights reserved.
@@ -136,6 +136,9 @@ ntp_client(const char *hostname, int family, struct timeval *new,
 		/*NOTREACHED*/
 	}
 
+	if (pledge("stdio inet", NULL) == -1)
+		err(1, "pledge");
+
 	corrleaps = leapflag;
 	if (corrleaps)
 		ntpleaps_init();
diff --git a/usr.sbin/rdate/rfc868time.c b/usr.sbin/rdate/rfc868time.c
index be97fcd4785..2158fb632dc 100644
--- a/usr.sbin/rdate/rfc868time.c
+++ b/usr.sbin/rdate/rfc868time.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rfc868time.c,v 1.10 2015/01/16 06:40:20 deraadt Exp $	*/
+/*	$OpenBSD: rfc868time.c,v 1.11 2018/08/18 15:25:20 mestre Exp $	*/
 /*	$NetBSD: rdate.c,v 1.4 1996/03/16 12:37:45 pk Exp $	*/
 
 /*
@@ -82,6 +82,9 @@ rfc868time_client(const char *hostname, int family, struct timeval *new,
 		/*NOTREACHED*/
 	}
 
+	if (pledge("stdio inet", NULL) == -1)
+		err(1, "pledge");
+
 	s = -1;
 	for (res = res0; res; res = res->ai_next) {
 		s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);