diff options
| author |   ratchov <ratchov@openbsd.org> | 2015-12-23 20:12:18 +0000 |
|---|---|---|
| committer | ratchov <ratchov@openbsd.org> | 2015-12-23 20:12:18 +0000 |
| commit | f4078b0ce5e94f4fe2a1b994b5099ca4e5f47c6e (patch) | |
| tree | d0f5a1bbf8ad3c7d863b6b4e1e731836f3fb2e6c | |
| parent | If PLEDGE_AUDIO is set, allow audio(4) ioctls necessary (diff) | |
| download | wireguard-openbsd-f4078b0ce5e94f4fe2a1b994b5099ca4e5f47c6e.tar.xz wireguard-openbsd-f4078b0ce5e94f4fe2a1b994b5099ca4e5f47c6e.zip | |
Add pledge calls to both "helper" and "worker" processes.
ok deraadt, semarie
| -rw-r--r-- | usr.bin/sndiod/sndiod.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/usr.bin/sndiod/sndiod.c b/usr.bin/sndiod/sndiod.c index 18aaeaf7e94..7f32f5bb7ed 100644 --- a/usr.bin/sndiod/sndiod.c +++ b/usr.bin/sndiod/sndiod.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sndiod.c,v 1.21 2015/12/23 12:24:12 ratchov Exp $ */ +/* $OpenBSD: sndiod.c,v 1.22 2015/12/23 20:12:18 ratchov Exp $ */ /* * Copyright (c) 2008-2012 Alexandre Ratchov <alex@caoua.org> * @@ -507,6 +507,8 @@ main(int argc, char **argv) setresuid(hpw_uid, hpw_uid, hpw_uid)) err(1, "cannot drop privileges"); } + if (pledge("stdio sendfd rpath wpath", NULL) < 0) + err(1, "pledge"); while (file_poll()) ; /* nothing */ } else { @@ -551,6 +553,13 @@ main(int argc, char **argv) setresuid(wpw_uid, wpw_uid, wpw_uid)) err(1, "cannot drop privileges"); } + if (tcpaddr) { + if (pledge("stdio audio recvfd unix inet", NULL) == -1) + err(1, "pledge"); + } else { + if (pledge("stdio audio recvfd unix", NULL) == -1) + err(1, "pledge"); + } for (;;) { if (quit_flag) break; |