pledge "stdio inet sendfd" before entering main loop in network speaking

child. (All those I asked to test timed out before commit, so now they get to test for real...)
author: deraadt <deraadt@openbsd.org> 2015-11-14 04:02:32 +0000
committer: deraadt <deraadt@openbsd.org> 2015-11-14 04:02:32 +0000
commit: 1179e37d35a23a53bda10c434ed969edd8e50060 (patch)
tree: fa9a03b31a1bbc8881846127804a0f37bf616cdd /usr.sbin/tftp-proxy
parent: update the NAME section; ok nicm schwarze (diff)
download: wireguard-openbsd-1179e37d35a23a53bda10c434ed969edd8e50060.tar.xz
wireguard-openbsd-1179e37d35a23a53bda10c434ed969edd8e50060.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/usr.sbin/tftp-proxy/tftp-proxy.c b/usr.sbin/tftp-proxy/tftp-proxy.c
index 4bb547ecf93..aa8b311dfb9 100644
--- a/usr.sbin/tftp-proxy/tftp-proxy.c
+++ b/usr.sbin/tftp-proxy/tftp-proxy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tftp-proxy.c,v 1.14 2015/11/12 20:55:49 deraadt Exp $
+/* $OpenBSD: tftp-proxy.c,v 1.15 2015/11/14 04:02:32 deraadt Exp $
  *
  * Copyright (c) 2005 DLS Internet Services
  * Copyright (c) 2004, 2005 Camiel Dobbelaar, <cd@sentia.nl>
@@ -374,6 +374,9 @@ proxy_privproc(int s, struct passwd *pw)
 	    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid))
 		lerr(1, "unable to set group ids");
 
+	if (pledge("stdio inet sendfd", NULL) == -1)
+		err(1, "pledge");
+
 	TAILQ_INIT(&p.replies);
 
 	p.buf = evbuffer_new();
author	deraadt <deraadt@openbsd.org>	2015-11-14 04:02:32 +0000
committer	deraadt <deraadt@openbsd.org>	2015-11-14 04:02:32 +0000
commit	1179e37d35a23a53bda10c434ed969edd8e50060 (patch)
tree	fa9a03b31a1bbc8881846127804a0f37bf616cdd /usr.sbin/tftp-proxy
parent	update the NAME section; ok nicm schwarze (diff)
download	wireguard-openbsd-1179e37d35a23a53bda10c434ed969edd8e50060.tar.xz wireguard-openbsd-1179e37d35a23a53bda10c434ed969edd8e50060.zip