author | Jeremie Courreges-Anglas <jca@cvs.openbsd.org> | 2015-10-18 16:11:20 +0000 |
---|---|---|
committer | Jeremie Courreges-Anglas <jca@cvs.openbsd.org> | 2015-10-18 16:11:20 +0000 |
commit | 25fe845d9888da19a15843467bc657eafb243bba (patch) | |
tree | cba4b098ec1b6bcd18d8ce642775c1e7f59d01ae /usr.sbin | |
parent | a677471cc6eecae91ae3188e1a11d513b19f58de (diff) |
Make use of pledge(2); initial diff from deraadt@
As Theo says, there's probably room for stricter pledge requests, but
this would involve refactoring.
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/inetd/inetd.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/usr.sbin/inetd/inetd.c b/usr.sbin/inetd/inetd.c
index 85661194cc7..5a173791f56 100644
--- a/usr.sbin/inetd/inetd.c
+++ b/usr.sbin/inetd/inetd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: inetd.c,v 1.143 2015/01/16 06:40:17 deraadt Exp $ */
+/* $OpenBSD: inetd.c,v 1.144 2015/10/18 16:11:19 jca Exp $ */
 /*
 * Copyright (c) 1983,1991 The Regents of the University of California.
@@ -297,7 +297,7 @@ main(int argc, char *argv[])
 int ch;
 extern char *optarg;
 extern int optind;
-
+
 while ((ch = getopt(argc, argv, "dR:")) != -1)
 switch (ch) {
 case 'd':
@@ -347,6 +347,9 @@ main(int argc, char *argv[])
 (void) setlogin("");
 }
+ if (pledge("stdio rpath getpw dns inet proc exec id abort", NULL) == -1)
+ err(1, "pledge");
+
 if (uid == 0) {
 gid_t gid = getgid();
@@ -1770,6 +1773,10 @@ spawn(int ctrl, short events, void *xsep)
 sleep(1);
 return;
 }
+
+ if (pledge("stdio rpath getpw inet proc exec id abort", NULL) == -1)
+ err(1, "pledge");
+
 if (pid && sep->se_wait) {
 sep->se_wait = pid;
 event_del(&sep->se_event);
|
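Review bot: The promise string passed to `pledge()` in main() (the `@@ -347,6 +347,9 @@` hunk) has no comment saying which later code path needs each promise, so `getpw` and `proc exec id` stay granted to the long-running daemon with nothing to guide the tightening that the commit message defers. I would add a short comment above the call, something like `/* rpath getpw dns: config re-read; inet: service sockets; proc exec id: fork, switch user, exec the service */`, adjusted to what the code really does. Because a pledge violation kills the process, any path that runs after this point but is not visible here should be checked against the list; binding a UNIX-domain socket or creating a file, for instance, would need `unix` or `cpath`. main() starts and ends outside the hunk.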
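Review bot: The second `pledge()` in spawn() (the `@@ -1770,6 +1773,10 @@` hunk) sits before `if (pid && sep->se_wait)`, so it appears to run in the parent as well as in the forked child, and since promises can only be reduced the daemon itself loses `dns` after the first spawn. If the parent resolves host names later, for example when the configuration is re-read (not visible here), it would be killed at that point; if narrowing the parent is intended, a comment should say so. Otherwise restrict the call to the child, `if (pid == 0 && pledge("stdio rpath getpw inet proc exec id abort", NULL) == -1)`. The fork call and the rest of spawn() are outside the hunk.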