diff options
| author |   deraadt <deraadt@openbsd.org> | 2015-10-07 20:26:16 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2015-10-07 20:26:16 +0000 |
| commit | eb61d8899245f21f5990f95ddcb5a8b463669c66 (patch) | |
| tree | ed5d1d948ab177cf7f1a8c82045267f2883dbc13 | |
| parent | use new tame "route" feature when possible (diff) | |
| download | wireguard-openbsd-eb61d8899245f21f5990f95ddcb5a8b463669c66.tar.xz wireguard-openbsd-eb61d8899245f21f5990f95ddcb5a8b463669c66.zip | |
In theory, bgpd should be happy with tame "stdio unix route recvfd".
Let's hear from people's experiences by commiting it.
| -rw-r--r-- | usr.sbin/bgpd/rde.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/usr.sbin/bgpd/rde.c b/usr.sbin/bgpd/rde.c index 40dd5b6a538..4d83e62cfeb 100644 --- a/usr.sbin/bgpd/rde.c +++ b/usr.sbin/bgpd/rde.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rde.c,v 1.339 2015/09/21 09:47:15 phessler Exp $ */ +/* $OpenBSD: rde.c,v 1.340 2015/10/07 20:26:16 deraadt Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -30,6 +30,7 @@ #include <stdlib.h> #include <string.h> #include <unistd.h> +#include <err.h> #include "bgpd.h" #include "mrt.h" @@ -186,6 +187,9 @@ rde_main(int debug, int verbose) setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) fatal("can't drop privileges"); + if (tame("stdio unix route recvfd", NULL) == -1) + fatal("tame"); + signal(SIGTERM, rde_sighdlr); signal(SIGINT, rde_sighdlr); signal(SIGPIPE, SIG_IGN); |