authorrenato <renato@openbsd.org>2015-10-23 10:10:17 +0000
committerrenato <renato@openbsd.org>2015-10-23 10:10:17 +0000
commit78497d213c65f1b9af0b1f5687bc52192fe6a928 (patch)
tree3b63a2772821bb440d0dd68b4f1a8f0237f7336d
parentZap pv allocation abstraction layer. (diff)
Add pledge(2) to the child processes.
This is almost identical to the eigrpd(8) pledge diff, with the exception that the parent process can not be pledged because of a SIOCSETMPWCFG ioctl used to configure pseudowires. Looks good to deraadt@.
-rw-r--r--usr.sbin/ldpd/lde.c5
-rw-r--r--usr.sbin/ldpd/ldpe.c5
2 files changed, 8 insertions, 2 deletions
diff --git a/usr.sbin/ldpd/lde.c b/usr.sbin/ldpd/lde.c
index 5d3f698b856..03904d39b2b 100644
--- a/usr.sbin/ldpd/lde.c
+++ b/usr.sbin/ldpd/lde.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: lde.c,v 1.38 2015/07/21 04:52:29 renato Exp $ */
+/* $OpenBSD: lde.c,v 1.39 2015/10/23 10:10:17 renato Exp $ */
/*
* Copyright (c) 2004, 2005 Claudio Jeker <claudio@openbsd.org>
@@ -113,6 +113,9 @@ lde(struct ldpd_conf *xconf, int pipe_parent2lde[2], int pipe_ldpe2lde[2],
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
fatal("can't drop privileges");
+ if (pledge("stdio", NULL) == -1)
+ fatal("pledge");
+
event_init();
/* setup signal handler */
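Review bot: The new `pledge("stdio", NULL)` call carries no comment recording why such a narrow promise set is enough for this process, which is the first thing a later maintainer adding a syscall here will want to know. From the signature, lde() is entered with its pipes to the parent and to ldpe already open, so "stdio" presumably suffices because the process only reads and writes those inherited descriptors; a one-line note such as `/* only the already-open imsg pipes are used from here on */` next to the call would pin that reasoning down (confirm against the rest of lde.c). Placing the call directly after the privilege drop and before event_init() is the right order, since nothing in between can run unpledged. The enclosing lde() starts and ends outside the hunk.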
diff --git a/usr.sbin/ldpd/ldpe.c b/usr.sbin/ldpd/ldpe.c
index 8df97e506cd..8b87161974b 100644
--- a/usr.sbin/ldpd/ldpe.c
+++ b/usr.sbin/ldpd/ldpe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ldpe.c,v 1.39 2015/07/21 05:04:12 renato Exp $ */
+/* $OpenBSD: ldpe.c,v 1.40 2015/10/23 10:10:17 renato Exp $ */
/*
* Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org>
@@ -271,6 +271,9 @@ ldpe(struct ldpd_conf *xconf, int pipe_parent2ldpe[2], int pipe_ldpe2lde[2],
LIST_FOREACH(tnbr, &leconf->tnbr_list, entry)
tnbr_init(xconf, tnbr);
+ if (pledge("stdio cpath inet mcast", NULL) == -1)
+ fatal("pledge");
+
event_dispatch();
ldpe_shutdown();
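Review bot: The promise set "stdio cpath inet mcast" is wider than lde's, and neither the hunk nor the commit message says which operation requires each promise, in particular "cpath"; a comment next to the call naming them would let the set be tightened later when that code moves, e.g. `/* cpath: <path-creating/removing call — confirm>; inet, mcast: LDP session and hello sockets — confirm */` with the placeholders filled in from ldpe.c. The call is also the last statement before event_dispatch(), after tnbr_init(), so everything earlier in ldpe() runs unpledged, unlike lde where pledge follows the privilege drop immediately; if tnbr_init() or earlier setup is what needs the unrestricted window, the comment should say so. The enclosing ldpe() starts and ends outside the hunk.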