diff options
| author | Florian Obser <florian@cvs.openbsd.org> | 2015-11-20 23:26:09 +0000 |
|---|---|---|
| committer | Florian Obser <florian@cvs.openbsd.org> | 2015-11-20 23:26:09 +0000 |
| commit | b3b5bfbd60eeb66fe3c4ea3f9bbde6691f7df512 (patch) | |
| tree | 12f12e922667a773f2d4bb5d1b396fafee433fa7 /usr.sbin/bgpd/session.c | |
| parent | 3d9909217d438dcb7957ccecb6416b9280b2f26d (diff) | |
bgpd has been naughty. It tries to play with AF_UNIX sockets without
pledging "unix".
Move control_listen up to the main process which already has
pledge("unix"). accept(2) was already allowed.
(Technically no longer necessary since listen(2) is now allowed, too,
but this moves it to the right place.)
OK claudio@, deraadt@
Diffstat (limited to 'usr.sbin/bgpd/session.c')
| -rw-r--r-- | usr.sbin/bgpd/session.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/usr.sbin/bgpd/session.c b/usr.sbin/bgpd/session.c index 56041d3943a..8c853a1a0d2 100644 --- a/usr.sbin/bgpd/session.c +++ b/usr.sbin/bgpd/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.346 2015/11/17 09:15:21 benno Exp $ */ +/* $OpenBSD: session.c,v 1.347 2015/11/20 23:26:08 florian Exp $ */ /* * Copyright (c) 2003, 2004, 2005 Henning Brauer <henning@openbsd.org> @@ -2660,11 +2660,9 @@ session_dispatch_imsg(struct imsgbuf *ibuf, int idx, u_int *listener_cnt) if (restricted) { control_shutdown(rcsock); rcsock = imsg.fd; - control_listen(rcsock); } else { control_shutdown(csock); csock = imsg.fd; - control_listen(csock); } break; case IMSG_RECONF_DONE: |