From 276bf740fc10efc1c2827edbb96486e243bc3641 Mon Sep 17 00:00:00 2001
From: jca <jca@openbsd.org>
Date: Wed, 4 Oct 2017 23:56:48 +0000
Subject: Fix pledge(2) usage

We should not try to tighten pledge promises in the master inetd
process, since those are needed to reload the configuration.  Only
tighten down if 1) we have forked 2) we're running one of the builtin
routines, which are dealing with network input.

Pointed out by and ok benno@
---
 usr.sbin/inetd/inetd.c | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)

(limited to 'usr.sbin/inetd')

diff --git a/usr.sbin/inetd/inetd.c b/usr.sbin/inetd/inetd.c
index 4670540b604..b399a21311a 100644
--- a/usr.sbin/inetd/inetd.c
+++ b/usr.sbin/inetd/inetd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: inetd.c,v 1.157 2017/10/04 20:15:52 jca Exp $	*/
+/*	$OpenBSD: inetd.c,v 1.158 2017/10/04 23:56:48 jca Exp $	*/
 
 /*
  * Copyright (c) 1983,1991 The Regents of the University of California.
@@ -1752,22 +1752,16 @@ spawn(int ctrl, short events, void *xsep)
 		return;
 	}
 
-	if (sep->se_family == AF_UNIX) {
-		if (pledge("stdio rpath cpath getpw inet proc exec id", NULL) == -1)
-			err(1, "pledge");
-	} else {
-		if (pledge("stdio rpath getpw inet proc exec id", NULL) == -1)
-			err(1, "pledge");
-	}
-
 	if (pid && sep->se_wait) {
 		sep->se_wait = pid;
 		event_del(&sep->se_event);
 	}
 	if (pid == 0) {
-		if (sep->se_bi)
+		if (sep->se_bi) {
+			if (dofork && pledge("stdio inet", NULL) == -1)
+				err(1, "pledge");
 			(*sep->se_bi->bi_fn)(ctrl, sep);
-		else {
+		} else {
 			if ((pwd = getpwnam(sep->se_user)) == NULL) {
 				syslog(LOG_ERR,
 				    "getpwnam: %s: No such user",
-- 
cgit v1.2.3-59-g8ed1b