diff options
| author | Renato Westphal <renato@cvs.openbsd.org> | 2016-05-23 19:16:01 +0000 |
|---|---|---|
| committer | Renato Westphal <renato@cvs.openbsd.org> | 2016-05-23 19:16:01 +0000 |
| commit | 95732ab88a662f585b052bfcc9ff881f527464be (patch) | |
| tree | e1e218e91d36803ac7bb9b512004a3f559686dcb /usr.sbin/ldpd/ldpe.h | |
| parent | bc3c7ad34d2a73973e0297c7ee4641c521b50a95 (diff) | |
Improve security by calling exec after fork.
For each child process (lde and ldpe), re-exec ldpd with a special
"per-role" getopt flag. This way we have seperate ASLR/cookies per
process.
Based on a similar patch for bgpd, from claudio@
Requested by deraadt@
Diffstat (limited to 'usr.sbin/ldpd/ldpe.h')
| -rw-r--r-- | usr.sbin/ldpd/ldpe.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.sbin/ldpd/ldpe.h b/usr.sbin/ldpd/ldpe.h index 382f5d6f814..67ee322476d 100644 --- a/usr.sbin/ldpd/ldpe.h +++ b/usr.sbin/ldpd/ldpe.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ldpe.h,v 1.55 2016/05/23 19:14:03 renato Exp $ */ +/* $OpenBSD: ldpe.h,v 1.56 2016/05/23 19:16:00 renato Exp $ */ /* * Copyright (c) 2013, 2016 Renato Westphal <renato@openbsd.org> @@ -173,7 +173,7 @@ int tlv_decode_fec_elm(struct nbr *, struct ldp_msg *, char *, uint16_t, struct map *); /* ldpe.c */ -pid_t ldpe(struct ldpd_conf *, int[2], int[2], int[2]); +pid_t ldpe(int, int); int ldpe_imsg_compose_parent(int, pid_t, void *, uint16_t); int ldpe_imsg_compose_lde(int, uint32_t, pid_t, void *, |