snmpclient pledges after calling chroot(2) and requires a dns promise for
sendto(2) with non-NULL destination.
Rob
Index: snmpclient.c
===================================================================
RCS file: /cvs/src/usr.sbin/snmpctl/snmpclient.c,v
retrieving revision 1.13
diff -u -p -r1.13 snmpclient.c
--- snmpclient.c 16 Jan 2015 06:40:21 -0000 1.13
+++ snmpclient.c 25 Jul 2017 19:05:37 -0000
@@ -160,6 +160,9 @@ snmpclient(struct parse_result *res)
#endif
}
+ if (pledge("stdio dns", NULL) == -1)
+ fatal("pledge");
+
sc.sc_fd = s;
sc.sc_community = res->community;
sc.sc_version = res->version;
Index: snmpctl.c
===================================================================
RCS file: /cvs/src/usr.sbin/snmpctl/snmpctl.c,v
retrieving revision 1.22
diff -u -p -r1.22 snmpctl.c
--- snmpctl.c 28 Oct 2016 20:49:32 -0000 1.22
+++ snmpctl.c 25 Jul 2017 19:05:37 -0000
@@ -123,6 +123,8 @@ main(int argc, char *argv[])
usage();
break;
case SHOW_MIB:
+ if (pledge("stdio", NULL) == -1)
+ fatal("pledge");
show_mib();
break;
case WALK:
@@ -131,6 +133,8 @@ main(int argc, char *argv[])
snmpclient(res);
break;
default:
+ if (pledge("stdio unix", NULL) == -1)
+ fatal("pledge");
goto connect;
}
@@ -155,6 +159,9 @@ main(int argc, char *argv[])
}
err(1, "connect: %s", sock);
}
+
+ if (pledge("stdio", NULL) == -1)
+ fatal("pledge");
imsg_init(&ibuf, ctl_sock);
done = 0;
