summaryrefslogtreecommitdiff
path: root/usr.sbin/inetd/inetd.c
diff options
context:
space:
mode:
authorJeremie Courreges-Anglas <jca@cvs.openbsd.org>2017-10-04 23:56:49 +0000
committerJeremie Courreges-Anglas <jca@cvs.openbsd.org>2017-10-04 23:56:49 +0000
commit95eed4de31cc935a9b979d5903d696aa042bd807 (patch)
tree069468dc2b6027bac0241453a30dc5b2551c4c4f /usr.sbin/inetd/inetd.c
parent2a1ceee109b000e6b88ee5de5096432736a674d7 (diff)
Fix pledge(2) usage
We should not try to tighten pledge promises in the master inetd process, since those are needed to reload the configuration. Only tighten down if 1) we have forked 2) we're running one of the builtin routines, which are dealing with network input. Pointed out by and ok benno@
Diffstat (limited to 'usr.sbin/inetd/inetd.c')
-rw-r--r--usr.sbin/inetd/inetd.c16
1 files changed, 5 insertions, 11 deletions
diff --git a/usr.sbin/inetd/inetd.c b/usr.sbin/inetd/inetd.c
index 4670540b604..b399a21311a 100644
--- a/usr.sbin/inetd/inetd.c
+++ b/usr.sbin/inetd/inetd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: inetd.c,v 1.157 2017/10/04 20:15:52 jca Exp $ */
+/* $OpenBSD: inetd.c,v 1.158 2017/10/04 23:56:48 jca Exp $ */
/*
* Copyright (c) 1983,1991 The Regents of the University of California.
@@ -1752,22 +1752,16 @@ spawn(int ctrl, short events, void *xsep)
return;
}
- if (sep->se_family == AF_UNIX) {
- if (pledge("stdio rpath cpath getpw inet proc exec id", NULL) == -1)
- err(1, "pledge");
- } else {
- if (pledge("stdio rpath getpw inet proc exec id", NULL) == -1)
- err(1, "pledge");
- }
-
if (pid && sep->se_wait) {
sep->se_wait = pid;
event_del(&sep->se_event);
}
if (pid == 0) {
- if (sep->se_bi)
+ if (sep->se_bi) {
+ if (dofork && pledge("stdio inet", NULL) == -1)
+ err(1, "pledge");
(*sep->se_bi->bi_fn)(ctrl, sep);
- else {
+ } else {
if ((pwd = getpwnam(sep->se_user)) == NULL) {
syslog(LOG_ERR,
"getpwnam: %s: No such user",