From 95732ab88a662f585b052bfcc9ff881f527464be Mon Sep 17 00:00:00 2001 From: Renato Westphal Date: Mon, 23 May 2016 19:16:01 +0000 Subject: Improve security by calling exec after fork. For each child process (lde and ldpe), re-exec ldpd with a special "per-role" getopt flag. This way we have seperate ASLR/cookies per process. Based on a similar patch for bgpd, from claudio@ Requested by deraadt@ --- usr.sbin/ldpd/ldpe.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'usr.sbin/ldpd/ldpe.h') diff --git a/usr.sbin/ldpd/ldpe.h b/usr.sbin/ldpd/ldpe.h index 382f5d6f814..67ee322476d 100644 --- a/usr.sbin/ldpd/ldpe.h +++ b/usr.sbin/ldpd/ldpe.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ldpe.h,v 1.55 2016/05/23 19:14:03 renato Exp $ */ +/* $OpenBSD: ldpe.h,v 1.56 2016/05/23 19:16:00 renato Exp $ */ /* * Copyright (c) 2013, 2016 Renato Westphal @@ -173,7 +173,7 @@ int tlv_decode_fec_elm(struct nbr *, struct ldp_msg *, char *, uint16_t, struct map *); /* ldpe.c */ -pid_t ldpe(struct ldpd_conf *, int[2], int[2], int[2]); +pid_t ldpe(int, int); int ldpe_imsg_compose_parent(int, pid_t, void *, uint16_t); int ldpe_imsg_compose_lde(int, uint32_t, pid_t, void *, -- cgit v1.2.3