authoryasuoka <yasuoka@openbsd.org>2010-01-31 05:49:50 +0000
committeryasuoka <yasuoka@openbsd.org>2010-01-31 05:49:50 +0000
commit4a78f66b30cc729b2ddc27e342de3dabb8df1db3 (patch)
treed3fb37b35feece602e06f8d4df791ba2854a4208 /usr.sbin/npppd/pppoe
parentMake sure the previous node is not a NOTE; prevents ICE on loongson. (diff)
privilege separation of npppd.
- Drop privileges after daemon initialization. - Some system calls that require root privileges were replaced with wrapper functions that communicate with a separate privileged process via IPC. The privileged process checks whether the operations are acceptable.
Diffstat (limited to 'usr.sbin/npppd/pppoe')
-rw-r--r--usr.sbin/npppd/pppoe/pppoed.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.sbin/npppd/pppoe/pppoed.c b/usr.sbin/npppd/pppoe/pppoed.c
index 35f75d1bb3b..9c9b52d9dc4 100644
--- a/usr.sbin/npppd/pppoe/pppoed.c
+++ b/usr.sbin/npppd/pppoe/pppoed.c
@@ -29,7 +29,7 @@
* <dt>RFC 2516</dt>
* <dd>A Method for Transmitting PPP Over Ethernet (PPPoE)</dd>
* </dl>
- * $Id: pppoed.c,v 1.3 2010/01/27 07:27:02 yasuoka Exp $
+ * $Id: pppoed.c,v 1.4 2010/01/31 05:49:51 yasuoka Exp $
*/
#include <sys/types.h>
#include <sys/param.h>
@@ -68,6 +68,7 @@
#include "properties.h"
#include "config_helper.h"
#include "rtev.h"
+#include "privsep.h"
#include "pppoe.h"
#include "pppoe_local.h"
@@ -278,7 +279,7 @@ pppoed_listener_start(pppoed_listener *_this, int restart)
/* FIXME: NetBSD 3.0 では、/dev/bpf 一つで何度も開けるらしい */
for (i = 0; i < 256; i++) {
snprintf(buf, sizeof(buf), "/dev/bpf%d", i);
- if ((_this->bpf = open(buf, O_RDWR, 0600)) >= 0) {
+ if ((_this->bpf = priv_open(buf, O_RDWR, 0600)) >= 0) {
break;
} else if (errno == ENXIO || errno == ENOENT)
break; /* これ以上探してもみつからないはず */
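Review bot: The `errno == ENXIO || errno == ENOENT` test that follows the new `priv_open()` call now depends on the wrapper handing the privileged process's errno back to the caller, which this hunk does not show; if the IPC reply does not carry it, the early exit tests a stale value. It is worth confirming this in the wrapper declared in privsep.h and recording it at the call site, e.g. `/* priv_open() returns the privileged side's errno; the ENXIO/ENOENT exit below relies on it */`. A refusal by the privileged process's own acceptability check (presumably reported as something like EACCES) would fall through and repeat the request for every remaining /dev/bpfN, so an `else if (errno == EACCES) break;` arm may be worth adding if that is how refusals are reported. The loop and the rest of pppoed_listener_start() continue outside the hunk.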