authorremi <remi@openbsd.org>2018-11-04 07:52:55 +0000
committerremi <remi@openbsd.org>2018-11-04 07:52:55 +0000
commite0f3cc49bfcd9995945b586ba4b1190da21693f4 (patch)
treed12a066af220822d24bc06191c82dd88f3a39f0c /usr.sbin/ripd/ripe.c
parentisalpha(3) requires an unsigned char value (or -1). (diff)
Pledge ripe and rde.
Use unveil to remove file system access for the parent proc. Also remove control_cleanup as discussed on tech@. It allows to fully remove fs access (ripd does not support reload). It's not an issue for ripd and ripctrl if an unused socket file is lying around. reads OK for claudio@ and mestre@
Diffstat (limited to 'usr.sbin/ripd/ripe.c')
-rw-r--r--usr.sbin/ripd/ripe.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/usr.sbin/ripd/ripe.c b/usr.sbin/ripd/ripe.c
index 2a10c003387..d83901e245f 100644
--- a/usr.sbin/ripd/ripe.c
+++ b/usr.sbin/ripd/ripe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ripe.c,v 1.22 2016/09/03 10:28:08 renato Exp $ */
+/* $OpenBSD: ripe.c,v 1.23 2018/11/04 07:52:55 remi Exp $ */
/*
* Copyright (c) 2006 Michele Marchetto <mydecay@openbeer.it>
@@ -196,6 +196,9 @@ ripe(struct ripd_conf *xconf, int pipe_parent2ripe[2], int pipe_ripe2rde[2],
iface->name);
}
+ if (pledge("stdio inet mcast", NULL) == -1)
+ fatal("pledge");
+
evtimer_set(&oeconf->report_timer, report_timer, oeconf);
start_report_timer();
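Review bot: The promise string in the added `pledge("stdio inet mcast", NULL)` call carries no comment, so a later maintainer cannot tell which part of the engine needs each promise or why the call sits after the interface-start loop rather than earlier in ripe(). I would add a comment directly above it, for example `/* stdio: event loop and imsg pipes; inet, mcast: RIP sockets and multicast group changes after startup */`. That wording is inferred from the promise names and should be confirmed against the rest of the function, whose body begins and ends outside this hunk. The same comment should say that everything above this line, including the interface loop, runs unpledged. New setup code needing wider access must then go before the call, and anything added after it has to fit within these three promises.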