| author | 2015-10-25 07:44:42 +0000 | |
|---|---|---|
| committer | 2015-10-25 07:44:42 +0000 | |
| commit | 326781423c096f4ed90cebc87cfe74b24ac794a0 (patch) | |
| tree | 43ad27409e82a9bc5825f22bcaf4caf9846ebac2 /usr.sbin/bind/bin/dig/dig.c | |
| parent | Use sigaction() instead of signal() to avoid pulling in unnecessary (diff) | |
pledge bind(1), dig(1), and nslookup(1). This modifies the underlying
ISC library to use socket(2) with the SOCK_DNS flag. As a result, the
port commands are disabled (such practice is rare in the wild these days,
and pretty incompatible with the DNS vs regular socket concept in pledge..)
ok bluhm phessler reyk, etc
Diffstat (limited to 'usr.sbin/bind/bin/dig/dig.c')
| -rw-r--r-- | usr.sbin/bind/bin/dig/dig.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/usr.sbin/bind/bin/dig/dig.c b/usr.sbin/bind/bin/dig/dig.c
index 79402c61816..156d1bcdb76 100644
--- a/usr.sbin/bind/bin/dig/dig.c
+++ b/usr.sbin/bind/bin/dig/dig.c
@@ -21,6 +21,7 @@
 #include <config.h>
 #include <stdlib.h>
+#include <unistd.h>
 #include <time.h>
 #include <ctype.h>
@@ -1191,7 +1192,8 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 strlcpy(keyfile, value, sizeof(keyfile));
 return (value_from_next);
 case 'p':
- port = (in_port_t) parse_uint(value, "port number", MAXPORT);
+ fprintf(stderr, ";; Warning, -p option ignored\n");
+ /* port = (in_port_t) parse_uint(value, "port number", MAXPORT); */
 return (value_from_next);
 case 'q':
 if (!config_only) {
@@ -1753,6 +1755,9 @@ main(int argc, char **argv) {
 ISC_LIST_INIT(server_list);
 ISC_LIST_INIT(search_list);
+ if (pledge("stdio rpath dns", NULL) == -1)
+ perror("pledge");
+
 debug("main()");
 preparse_args(argc, argv);
 progname = argv[0];
@@ -1760,6 +1765,10 @@ main(int argc, char **argv) {
 check_result(result, "isc_app_start");
 setup_libs();
 parse_args(ISC_FALSE, ISC_FALSE, argc, argv);
+
+ if (pledge("stdio dns", NULL) == -1)
+ perror("pledge");
+
 setup_system();
 if (domainopt[0] != '\0') {
 set_search_domain(domainopt); |
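Review bot: In `case 'p'` of dash_option a user-supplied port is now discarded and the lookup still goes ahead, presumably on the default port, with only a warning on stderr. A query meant for a resolver on a non-standard port is then sent to whatever answers on the standard one, and a script that ignores stderr will not notice. Rejecting the option is safer than ignoring it, for example `fprintf(stderr, ";; -p option is not supported\n"); exit(1);`. The commented-out `port = ...` assignment should be deleted rather than kept as dead code. dash_option's body begins and ends outside this hunk.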
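Review bot: Both pledge() calls added to main, here and in the following hunk after parse_args(), fail open: on error they only call perror() and dig carries on without the restriction it asked for. The process should stop instead, e.g. `if (pledge("stdio rpath dns", NULL) == -1) { perror("pledge"); exit(1); }`, and the same for the `"stdio dns"` call. A one-line comment above each call naming what still needs each promise at that point would help the next person who narrows or widens the set. main's body extends beyond the hunk.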
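Review bot: `rpath` is dropped before setup_system() runs, so any file that function opens by path after this point will violate the pledge and abort the process. The dash_option hunk above shows the -k argument only being copied into `keyfile`; if setup_system(), whose body is not visible here, is where that key file is actually loaded, `dig -k` would be killed there. Either load the key before the second pledge() or keep `rpath` until setup_system() has returned, and add a comment stating which files, if any, are expected to be opened after this call.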
