-rw-r--r-- | sys/kern/kern_pledge.c | 3 | ||||
-rw-r--r-- | usr.sbin/relayd/hce.c | 5 |
2 files changed, 6 insertions, 2 deletions
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index a66d3ad9f25..8a72ea8047a 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_pledge.c,v 1.125 2015/11/27 18:54:47 jca Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.126 2015/11/28 18:10:12 benno Exp $ */
 /*
 * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -1339,6 +1339,7 @@ pledge_sockopt(struct proc *p, int set, int level, int optname)
 case IP_TOS:
 case IP_TTL:
 case IP_MINTTL:
+ case IP_IPDEFTTL:
 case IP_PORTRANGE:
 case IP_RECVDSTADDR:
 case IP_RECVDSTPORT:
diff --git a/usr.sbin/relayd/hce.c b/usr.sbin/relayd/hce.c
index f7fc77cc144..0c520a27577 100644
--- a/usr.sbin/relayd/hce.c
+++ b/usr.sbin/relayd/hce.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hce.c,v 1.69 2015/01/22 17:42:09 reyk Exp $ */
+/* $OpenBSD: hce.c,v 1.70 2015/11/28 18:10:12 benno Exp $ */
 /*
 * Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -69,6 +69,9 @@ hce_init(struct privsep *ps, struct privsep_proc *p, void *arg)
 /* Allow maximum available sockets for TCP checks */
 socket_rlimit(-1);
+
+ if (pledge("stdio inet", NULL) == -1)
+ fatal("hce: pledge");
 }
 void |
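Review bot: In the `pledge_sockopt` hunk of sys/kern/kern_pledge.c, `case IP_IPDEFTTL:` is added to a shared allowlist, so the option opens up for every pledged process that reaches this list, not only the relayd health checker changed in the same commit. The visible lines do not consult the `set` argument, so both reading and writing the option appear to be permitted. If the userland caller needs only one direction, giving the option its own case gated on `set` would keep the widening as narrow as the need. At minimum a comment such as `/* IP_IPDEFTTL: used by relayd hce */` would record why the list grew. The function starts and ends outside the hunk, so which promise guards this list cannot be confirmed from here.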
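Review bot: In the `hce_init` hunk of usr.sbin/relayd/hce.c, the new `pledge("stdio inet", NULL)` call has no comment saying why it must follow `socket_rlimit(-1)` or what each promise covers. The ordering looks deliberate, presumably because raising the descriptor limit needs a syscall outside these two promises, and a later reorder would turn that into an abort at startup. I would put a comment above the call, for example `/* must follow socket_rlimit(); inet covers the check sockets */`, with the wording confirmed by the author. Because a pledge violation kills the process, it is also worth confirming that every configured check type runs under only these two promises; the check code is not part of this diff. `hce_init` begins above the hunk.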