author | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2010-01-31 05:49:52 +0000 |
---|---|---|
committer | YASUOKA Masahiko <yasuoka@cvs.openbsd.org> | 2010-01-31 05:49:52 +0000 |
commit | fceb6db87ac8ef9ad4b6724b1c49236e55988205 (patch) | |
tree | 82790a5a1cce47b6128d0f5239f9afa904ef5e7f /usr.sbin/npppd/pppoe | |
parent | 0d8a83a403b2418bd67b9c3071d38eee519335e9 (diff) |
privilege separation of npppd.
- Drop privileges after daemon initialization.
- Some system calls that require root privileges were replaced with
wrapper functions that communicate with a separate privileged
process via IPC. The privileged process checks whether the
operations are acceptable.
Diffstat (limited to 'usr.sbin/npppd/pppoe')
-rw-r--r-- | usr.sbin/npppd/pppoe/pppoed.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.sbin/npppd/pppoe/pppoed.c b/usr.sbin/npppd/pppoe/pppoed.c
index 35f75d1bb3b..9c9b52d9dc4 100644
--- a/usr.sbin/npppd/pppoe/pppoed.c
+++ b/usr.sbin/npppd/pppoe/pppoed.c
@@ -29,7 +29,7 @@
  * <dt>RFC 2516</dt>
  * <dd>A Method for Transmitting PPP Over Ethernet (PPPoE)</dd>
  * </dl>
- * $Id: pppoed.c,v 1.3 2010/01/27 07:27:02 yasuoka Exp $
+ * $Id: pppoed.c,v 1.4 2010/01/31 05:49:51 yasuoka Exp $
  */
 #include <sys/types.h>
 #include <sys/param.h>
@@ -68,6 +68,7 @@
 #include "properties.h"
 #include "config_helper.h"
 #include "rtev.h"
+#include "privsep.h"
 #include "pppoe.h"
 #include "pppoe_local.h"
 
@@ -278,7 +279,7 @@ pppoed_listener_start(pppoed_listener *_this, int restart)
  /* FIXME: NetBSD 3.0 では、/dev/bpf 一つで何度も開けるらしい */
  for (i = 0; i < 256; i++) {
  snprintf(buf, sizeof(buf), "/dev/bpf%d", i);
- if ((_this->bpf = open(buf, O_RDWR, 0600)) >= 0) {
+ if ((_this->bpf = priv_open(buf, O_RDWR, 0600)) >= 0) {
  break;
  } else if (errno == ENXIO || errno == ENOENT)
  break; /* これ以上探してもみつからないはず */ |
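Review bot: The `else if (errno == ENXIO || errno == ENOENT)` test after the new `priv_open()` call only works if the wrapper returns -1 with `errno` set to the value the privileged process got from open(2). That contract lives behind privsep.h and is not visible in this hunk, so it is worth confirming and stating next to the call, e.g. `/* priv_open() must fail with the errno of the underlying open(2); the ENXIO/ENOENT test below relies on it */`. If the IPC itself can fail with some other errno, the loop would presumably go on to send up to 256 requests to the privileged process. On the privileged side, the acceptance check the commit message describes should match the exact `/dev/bpf%d` form and `O_RDWR` rather than a path prefix. The body of pppoed_listener_start continues outside the hunk.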