diff options
author | jca <jca@openbsd.org> | 2017-07-24 12:33:59 +0000 |
---|---|---|
committer | jca <jca@openbsd.org> | 2017-07-24 12:33:59 +0000 |
commit | 0eb8ec17bb300244738e52f3d6a89d007490140e (patch) | |
tree | 46f6874cafa01b9205941abda9d25e560cab01de /usr.sbin/ifstated | |
parent | tweak malloc(9) flags: since that M_NOWAIT might return NULL hence it (diff) | |
download | wireguard-openbsd-0eb8ec17bb300244738e52f3d6a89d007490140e.tar.xz wireguard-openbsd-0eb8ec17bb300244738e52f3d6a89d007490140e.zip |
Use pledge(2)
Simple promises proposed by Rob Pierce after exploring more complicated
privsep schemes. ok benno@
Diffstat (limited to 'usr.sbin/ifstated')
-rw-r--r-- | usr.sbin/ifstated/ifstated.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/usr.sbin/ifstated/ifstated.c b/usr.sbin/ifstated/ifstated.c index 7b8e0eea51e..a6da75277b4 100644 --- a/usr.sbin/ifstated/ifstated.c +++ b/usr.sbin/ifstated/ifstated.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ifstated.c,v 1.55 2017/07/23 13:53:54 deraadt Exp $ */ +/* $OpenBSD: ifstated.c,v 1.56 2017/07/24 12:33:59 jca Exp $ */ /* * Copyright (c) 2004 Marco Pfatschbacher <mpf@openbsd.org> @@ -159,6 +159,9 @@ main(int argc, char *argv[]) &rtfilter, sizeof(rtfilter)) == -1) /* not fatal */ log_warn("%s: setsockopt tablefilter", __func__); + if (pledge("stdio rpath route proc exec", NULL) == -1) + fatal("pledge"); + signal_set(&sigchld_ev, SIGCHLD, sigchld_handler, NULL); signal_add(&sigchld_ev, NULL); |