diff options
| author | Renato Westphal <renato@cvs.openbsd.org> | 2016-06-05 03:36:42 +0000 |
|---|---|---|
| committer | Renato Westphal <renato@cvs.openbsd.org> | 2016-06-05 03:36:42 +0000 |
| commit | 8c52fa46cd83fa18752be56c95efe5c5539052a5 (patch) | |
| tree | 262d93a452db4bf397566c91a416b752ffac5ced /usr.sbin/eigrpd/eigrpd.h | |
| parent | 0cd0e350cd3c14ca2f61e9ffbfe71e2815d6eaa2 (diff) | |
Improve security by calling exec after fork.
For each child process (rde and eigrpe), re-exec eigrpd with a special
"per-role" getopt flag. This way we have seperate ASLR/cookies per
process.
Based on a similar patch for bgpd, from claudio@
ok deraadt
Diffstat (limited to 'usr.sbin/eigrpd/eigrpd.h')
| -rw-r--r-- | usr.sbin/eigrpd/eigrpd.h | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/usr.sbin/eigrpd/eigrpd.h b/usr.sbin/eigrpd/eigrpd.h index 34dd0b1b71b..41ddb49e90d 100644 --- a/usr.sbin/eigrpd/eigrpd.h +++ b/usr.sbin/eigrpd/eigrpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: eigrpd.h,v 1.14 2016/04/15 13:34:08 renato Exp $ */ +/* $OpenBSD: eigrpd.h,v 1.15 2016/06/05 03:36:41 renato Exp $ */ /* * Copyright (c) 2015 Renato Westphal <renato@openbsd.org> @@ -112,6 +112,7 @@ enum imsg_type { IMSG_SEND_SIAREPLY_END, IMSG_SEND_MUPDATE_END, IMSG_SEND_MQUERY_END, + IMSG_SOCKET_IPC, IMSG_RECONF_CONF, IMSG_RECONF_IFACE, IMSG_RECONF_INSTANCE, @@ -302,7 +303,7 @@ struct eigrp { }; /* eigrp_conf */ -enum { +enum eigrpd_process { PROC_MAIN, PROC_EIGRP_ENGINE, PROC_RDE_ENGINE @@ -483,6 +484,7 @@ void clearscope(struct in6_addr *); void main_imsg_compose_eigrpe(int, pid_t, void *, uint16_t); void main_imsg_compose_rde(int, pid_t, void *, uint16_t); void merge_config(struct eigrpd_conf *, struct eigrpd_conf *); +struct eigrpd_conf *config_new_empty(void); void config_clear(struct eigrpd_conf *); void imsg_event_add(struct imsgev *); int imsg_compose_event(struct imsgev *, uint16_t, uint32_t, |