summaryrefslogtreecommitdiff
path: root/usr.sbin/syslogd
diff options
context:
space:
mode:
authorAlexander Bluhm <bluhm@cvs.openbsd.org>2015-10-16 16:10:11 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2015-10-16 16:10:11 +0000
commit1ee57807771d6f013365c131d8da16bb6e624592 (patch)
treee4cf28f7ad9ced545c2238ba0aa1d928d2faadcb /usr.sbin/syslogd
parenta3d434921e7117dc4b513a31708159dfe49eb1bc (diff)
Pledge the syslogd privsep process with "stdio rpath wpath cpath
inet dns getpw sendfd proc exec". OK deraadt@
Diffstat (limited to 'usr.sbin/syslogd')
-rw-r--r--usr.sbin/syslogd/privsep.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/usr.sbin/syslogd/privsep.c b/usr.sbin/syslogd/privsep.c
index 94f6b2ad4f1..4487650e88d 100644
--- a/usr.sbin/syslogd/privsep.c
+++ b/usr.sbin/syslogd/privsep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: privsep.c,v 1.56 2015/10/15 20:26:47 bluhm Exp $ */
+/* $OpenBSD: privsep.c,v 1.57 2015/10/16 16:10:10 bluhm Exp $ */
/*
* Copyright (c) 2003 Anil Madhavapeddy <anil@recoil.org>
@@ -144,6 +144,10 @@ priv_init(char *conf, int numeric, int lockfd, int nullfd, char *argv[])
return 0;
}
+ if (pledge("stdio rpath wpath cpath inet dns getpw sendfd proc exec",
+ NULL) == -1)
+ err(1, "pledge priv");
+
if (!Debug) {
close(lockfd);
dup2(nullfd, STDIN_FILENO);
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-23 04:03:23 +0000