diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2017-01-23 04:25:06 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2017-01-23 04:25:06 +0000 |
| commit | c79450c75979248fff1458d7acd1302286d44035 (patch) | |
| tree | c83a77c5ebcdf18c65fafeb0d7e22121efeafc5b /usr.sbin | |
| parent | 8b744ded342c9a9dbcebe93b1337bd1f0a536685 (diff) | |
Split pledge "ioctl" into "tape" and "bpf", and allow SIOCGIFGROUP only
upon "inet". Adjust the 4 programs that care about this.
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/httpd/httpd.c | 5 | ||||
| -rw-r--r-- | usr.sbin/tcpdump/privsep.c | 4 |
2 files changed, 4 insertions, 5 deletions
diff --git a/usr.sbin/httpd/httpd.c b/usr.sbin/httpd/httpd.c index 47d6676444b..6daccdf52ad 100644 --- a/usr.sbin/httpd/httpd.c +++ b/usr.sbin/httpd/httpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: httpd.c,v 1.63 2017/01/09 14:49:22 reyk Exp $ */ +/* $OpenBSD: httpd.c,v 1.64 2017/01/23 04:25:05 deraadt Exp $ */ /* * Copyright (c) 2014 Reyk Floeter <reyk@openbsd.org> @@ -222,8 +222,7 @@ main(int argc, char *argv[]) if (ps->ps_noaction == 0) log_info("startup"); - if (pledge("stdio rpath wpath cpath inet dns ioctl sendfd", - NULL) == -1) + if (pledge("stdio rpath wpath cpath inet dns sendfd", NULL) == -1) fatal("pledge"); event_init(); diff --git a/usr.sbin/tcpdump/privsep.c b/usr.sbin/tcpdump/privsep.c index ba7aa82a15a..596822b4355 100644 --- a/usr.sbin/tcpdump/privsep.c +++ b/usr.sbin/tcpdump/privsep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: privsep.c,v 1.43 2016/07/25 02:35:26 deraadt Exp $ */ +/* $OpenBSD: privsep.c,v 1.44 2017/01/23 04:25:05 deraadt Exp $ */ /* * Copyright (c) 2003 Can Erkin Acar @@ -272,7 +272,7 @@ priv_init(int argc, char **argv) test_state(cmd, STATE_RUN); impl_init_done(socks[0], &bpfd); - if (pledge("stdio rpath inet unix ioctl dns recvfd", NULL) == -1) + if (pledge("stdio rpath inet unix dns recvfd bpf", NULL) == -1) err(1, "pledge"); break; |