diff options
| author | Gilles Chehade <gilles@cvs.openbsd.org> | 2015-10-14 19:39:17 +0000 |
|---|---|---|
| committer | Gilles Chehade <gilles@cvs.openbsd.org> | 2015-10-14 19:39:17 +0000 |
| commit | 7098d5dcc0a8bd0f9e0bb0edf62f52bf5880510a (patch) | |
| tree | 9a36a4ca960d86a524d9f14bbc0664c464b694cf /usr.sbin | |
| parent | 652a1f264000ee70a8f836b04a17393a48187f64 (diff) | |
pledge() pony and lookup
ok deraadt@
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/smtpd/lka.c | 5 | ||||
| -rw-r--r-- | usr.sbin/smtpd/pony.c | 5 |
2 files changed, 8 insertions, 2 deletions
diff --git a/usr.sbin/smtpd/lka.c b/usr.sbin/smtpd/lka.c index eacbc0549c6..fd127ad2270 100644 --- a/usr.sbin/smtpd/lka.c +++ b/usr.sbin/smtpd/lka.c @@ -1,4 +1,4 @@ -/* $OpenBSD: lka.c,v 1.176 2015/10/02 00:28:30 gilles Exp $ */ +/* $OpenBSD: lka.c,v 1.177 2015/10/14 19:39:16 gilles Exp $ */ /* * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org> @@ -514,6 +514,9 @@ lka(void) /* Ignore them until we get our config */ mproc_disable(p_pony); + if (pledge("stdio rpath inet dns getpw recvfd", NULL) == -1) + err(1, "pledge"); + if (event_dispatch() < 0) fatal("event_dispatch"); lka_shutdown(); diff --git a/usr.sbin/smtpd/pony.c b/usr.sbin/smtpd/pony.c index 0b049867ccb..ca12d0592b0 100644 --- a/usr.sbin/smtpd/pony.c +++ b/usr.sbin/smtpd/pony.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pony.c,v 1.7 2015/01/20 17:37:54 deraadt Exp $ */ +/* $OpenBSD: pony.c,v 1.8 2015/10/14 19:39:16 gilles Exp $ */ /* * Copyright (c) 2014 Gilles Chehade <gilles@poolp.org> @@ -215,6 +215,9 @@ pony(void) ca_engine_init(); + if (pledge("stdio inet unix recvfd sendfd", NULL) == -1) + err(1, "pledge"); + if (event_dispatch() < 0) fatal("event_dispatch"); pony_shutdown(); |