diff options
| -rw-r--r-- | usr.sbin/smtpd/lka.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/usr.sbin/smtpd/lka.c b/usr.sbin/smtpd/lka.c index 654897fcf25..0fbc8967e1e 100644 --- a/usr.sbin/smtpd/lka.c +++ b/usr.sbin/smtpd/lka.c @@ -1,4 +1,4 @@ -/* $OpenBSD: lka.c,v 1.191 2016/01/04 13:36:32 jung Exp $ */ +/* $OpenBSD: lka.c,v 1.192 2016/01/22 13:10:41 gilles Exp $ */ /* * Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org> @@ -320,8 +320,15 @@ lka_imsg(struct mproc *p, struct imsg *imsg) case IMSG_CONF_END: if (verbose & TRACE_TABLES) table_dump_all(); + + /* fork & exec tables that need it */ table_open_all(); + /* revoke proc & exec */ + if (pledge("stdio rpath inet dns getpw recvfd", + NULL) == -1) + err(1, "pledge"); + /* Start fulfilling requests */ mproc_enable(p_pony); return; @@ -449,6 +456,7 @@ lka(void) /* Ignore them until we get our config */ mproc_disable(p_pony); + /* proc & exec will be revoked before serving requests */ if (pledge("stdio rpath inet dns getpw recvfd proc exec", NULL) == -1) err(1, "pledge"); |