diff options
author | mestre <mestre@cvs.openbsd.org> | 2016-02-05 10:13:52 +0000 |
---|---|---|
committer | mestre <mestre@cvs.openbsd.org> | 2016-02-05 10:13:52 +0000 |
commit | 5d65d2018efec54d213937ca458946488546a6e3 (patch) | |
tree | c77157a60678dfc2595bb45cb3921358ffeb17eb /libexec/talkd/talkd.c | |
parent | 047d75521db9f039032f717089325418f775a339 (diff) |
pledge(2) for talkd(8):
rpath: fopen(3) _PATH_UTMP in read mode
wpath/cpath: fopen(3) full_tty in write mode (w), which implies O_CREAT
inet/dns: the intervening hosts in the conversation may be remote, or not, but
since we will never know beforehand then it'll always need inet and dns to
resolve the hostnames
ok jca@ and also discussed with tb@
Diffstat (limited to 'libexec/talkd/talkd.c')
-rw-r--r-- | libexec/talkd/talkd.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/libexec/talkd/talkd.c b/libexec/talkd/talkd.c index 14135d67754..7add8370ab8 100644 --- a/libexec/talkd/talkd.c +++ b/libexec/talkd/talkd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: talkd.c,v 1.24 2016/02/01 07:25:51 mestre Exp $ */ +/* $OpenBSD: talkd.c,v 1.25 2016/02/05 10:13:51 mestre Exp $ */ /* * Copyright (c) 1983 Regents of the University of California. @@ -81,6 +81,11 @@ main(int argc, char *argv[]) signal(SIGALRM, timeout); alarm(TIMEOUT); + if (pledge("stdio rpath wpath cpath inet dns", NULL) == -1) { + syslog(LOG_ERR, "pledge: %m"); + _exit(1); + } + for (;;) { CTL_RESPONSE response; socklen_t len = sizeof(response.addr); |