From 326781423c096f4ed90cebc87cfe74b24ac794a0 Mon Sep 17 00:00:00 2001
From: deraadt
Date: Sun, 25 Oct 2015 07:44:42 +0000
Subject: pledge bind(1), dig(1), and nslookup(1). This modifies the underlying ISC library to use socket(2) with the SOCK_DNS flag. As a result, the port commands are disabled (such practice is rare in the wild these days, and pretty incompatible with the DNS vs regular socket concept in pledge..) ok bluhm phessler reyk, etc
---
 usr.sbin/bind/lib/isc/unix/socket.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'usr.sbin/bind/lib/isc/unix/socket.c')
diff --git a/usr.sbin/bind/lib/isc/unix/socket.c b/usr.sbin/bind/lib/isc/unix/socket.c
index fc300ba1e92..98bf327c19a 100644
--- a/usr.sbin/bind/lib/isc/unix/socket.c
+++ b/usr.sbin/bind/lib/isc/unix/socket.c
@@ -1503,10 +1503,10 @@ isc_socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type,
 again:
 switch (type) {
 case isc_sockettype_udp:
- sock->fd = socket(pf, SOCK_DGRAM, IPPROTO_UDP);
+ sock->fd = socket(pf, SOCK_DGRAM | SOCK_DNS, IPPROTO_UDP);
 break;
 case isc_sockettype_tcp:
- sock->fd = socket(pf, SOCK_STREAM, IPPROTO_TCP);
+ sock->fd = socket(pf, SOCK_STREAM | SOCK_DNS, IPPROTO_TCP);
 break;
 case isc_sockettype_unix:
 sock->fd = socket(pf, SOCK_STREAM, 0);
-- 
cgit v1.2.3-59-g8ed1b
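Review bot: The two `socket()` calls in the `isc_sockettype_udp` and `isc_sockettype_tcp` cases now OR in `SOCK_DNS` without any comment, and `isc_socket_create` is the library-wide constructor, so every UDP/TCP socket a caller makes through it is tagged, not only the query sockets of the pledged tools. Per the commit message this is what disables the port options; a user-supplied non-default port would presumably fail later, at connect or send time, with an error that does not point back to the option, so the front ends (not visible in this hunk) should reject those options explicitly. I would add a comment above the switch such as `/* SOCK_DNS: needed for pledge "dns"; sockets so marked are limited to DNS traffic, so callers cannot choose another port */`. The body of `isc_socket_create` starts and ends outside the hunk, so the error path after `socket()` could not be checked here.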