author | 2015-10-20 18:04:03 +0000 | |
---|---|---|
committer | 2015-10-20 18:04:03 +0000 | |
commit | 603fdb405f123334738434f7ba091788a76df90b (patch) | |
tree | d283182d1a75e76e44637c567c07fe1a1958536c /sys/netinet | |
parent | Add SIOCGIFGMEMB to "route" (returns a list of all interfaces who are (diff) | |
At guenther's suggestion replace dnssocket() with a SOCK_DNS flag on
socket(). Without pledge, all other socket behaviours become permitted,
except this one case: connect/send* only works to *:53. In pledge mode,
a very few are further restricted. Some backwards compatibility for
the dnssocket/dnsconnect calls will remain in the tree temporarily so
that people can build through the transition.
ok tedu guenther semarie
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/in_pcb.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index b7aa013330a..1d0ca68f174 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in_pcb.c,v 1.184 2015/10/19 12:10:05 mpi Exp $ */ +/* $OpenBSD: in_pcb.c,v 1.185 2015/10/20 18:04:03 deraadt Exp $ */ /* $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $ */ /* @@ -418,7 +418,6 @@ in_pcbconnect(struct inpcb *inp, struct mbuf *nam) { struct in_addr *ina = NULL; struct sockaddr_in *sin = mtod(nam, struct sockaddr_in *); - struct proc *p = curproc; int error; #ifdef INET6 @@ -435,9 +434,6 @@ in_pcbconnect(struct inpcb *inp, struct mbuf *nam) if (sin->sin_port == 0) return (EADDRNOTAVAIL); - if (pledge_dns_check(p, sin->sin_port)) - return (pledge_fail(p, EPERM, PLEDGE_DNS)); - error = in_selectsrc(&ina, sin, inp->inp_moptions, &inp->inp_route, &inp->inp_laddr, inp->inp_rtableid); if (error) |