3 files changed, 12 insertions, 3 deletions

diff --git a/usr.sbin/eigrpd/eigrpd.c b/usr.sbin/eigrpd/eigrpd.c
index 6d4191bb003..64658969337 100644
--- a/usr.sbin/eigrpd/eigrpd.c
+++ b/usr.sbin/eigrpd/eigrpd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: eigrpd.c,v 1.1 2015/10/02 04:26:47 renato Exp $ */
+/*	$OpenBSD: eigrpd.c,v 1.2 2015/10/10 05:12:33 renato Exp $ */
 
 /*
  * Copyright (c) 2015 Renato Westphal <renato@openbsd.org>
@@ -275,6 +275,9 @@ main(int argc, char *argv[])
 	    eigrpd_conf->rdomain) == -1)
 		fatalx("kr_init failed");
 
+	if (pledge("stdio proc", NULL) == -1)
+		fatal("pledge");
+
 	event_dispatch();
 
 	eigrpd_shutdown();
diff --git a/usr.sbin/eigrpd/eigrpe.c b/usr.sbin/eigrpd/eigrpe.c
index e0fbc4a2916..eb515a7dc23 100644
--- a/usr.sbin/eigrpd/eigrpe.c
+++ b/usr.sbin/eigrpd/eigrpe.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: eigrpe.c,v 1.4 2015/10/10 05:09:19 renato Exp $ */
+/*	$OpenBSD: eigrpe.c,v 1.5 2015/10/10 05:12:33 renato Exp $ */
 
 /*
  * Copyright (c) 2015 Renato Westphal <renato@openbsd.org>
@@ -190,6 +190,9 @@ eigrpe(struct eigrpd_conf *xconf, int pipe_parent2eigrpe[2], int pipe_eigrpe2rde
 	TAILQ_FOREACH(iface, &econf->iface_list, entry)
 		if_init(xconf, iface);
 
+	if (pledge("stdio inet mcast", NULL) == -1)
+		fatal("pledge");
+
 	event_dispatch();
 
 	eigrpe_shutdown();
diff --git a/usr.sbin/eigrpd/rde.c b/usr.sbin/eigrpd/rde.c
index 704231af6fe..6cc10589ad5 100644
--- a/usr.sbin/eigrpd/rde.c
+++ b/usr.sbin/eigrpd/rde.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rde.c,v 1.3 2015/10/05 01:59:33 renato Exp $ */
+/*	$OpenBSD: rde.c,v 1.4 2015/10/10 05:12:33 renato Exp $ */
 
 /*
  * Copyright (c) 2015 Renato Westphal <renato@openbsd.org>
@@ -107,6 +107,9 @@ rde(struct eigrpd_conf *xconf, int pipe_parent2rde[2], int pipe_eigrpe2rde[2],
 	    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
 		fatal("can't drop privileges");
 
+	if (pledge("stdio", NULL) == -1)
+		fatal("pledge");
+
 	event_init();
 
 	/* setup signal handler */