Remove #if'ed 0 code around a broken pledge. Due to some ioctls and sysctls

pledge cannot be used, nevertheless since we now have unveil available we can
use it to guarantee that in this particular case the snmpe process cannot
access the filesystem at all, therefore close a big attack vector and achieve
a great level of protection even without being able to use pledge.

prodded by deraadt@

1 files changed, 1 insertions, 9 deletions

diff --git a/usr.sbin/snmpd/snmpe.c b/usr.sbin/snmpd/snmpe.c
index 0b0d39c8ea6..d8a02dd87c8 100644
--- a/usr.sbin/snmpd/snmpe.c
+++ b/usr.sbin/snmpd/snmpe.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: snmpe.c,v 1.55 2018/11/05 11:59:05 mestre Exp $	*/
+/*	$OpenBSD: snmpe.c,v 1.56 2018/11/13 07:29:07 mestre Exp $	*/
 
 /*
  * Copyright (c) 2007, 2008, 2012 Reyk Floeter <reyk@openbsd.org>
@@ -124,14 +124,6 @@ snmpe_init(struct privsep *ps, struct privsep_proc *p, void *arg)
 		fatal("unveil");
 	if (unveil(NULL, NULL) == -1)
 		fatal("unveil");
-#if 0
-	/*
-	 * XXX Refactoring required to move illegal ioctls and sysctls.
-	 * XXX See mps_* and if_mib in mib.c, etc.
-	 */
-BROKEN	if (pledge("stdio inet route recvfd vminfo", NULL) == -1)
-		fatal("pledge");
-#endif
 }
 
 void