On Wed, Dec 07, 2016 at 02:47:25PM +0100, Reyk Floeter wrote:
> Hi,
>
> dhcrelay drops privs but isn't pledged yet - here it is.
>
> It is simpler than dhclient: it only needs stdio and route because it
> pre-opens all file descriptors (UDP, bpf), does the bpf ioctls before,
> and only needs "route" for interface status ioctls on runtime.
>
> OK?
I didn't finish my implementations, but from what I've tested it seems to
be working. I don't expect anything different.
ok rzalamena@
>
> Reyk
>
> Index: usr.sbin/dhcrelay/dhcrelay.c
> ===
> RCS file: /cvs/src/usr.sbin/dhcrelay/dhcrelay.c,v
> retrieving revision 1.44
> diff -u -p -u -p -r1.44 dhcrelay.c
> --- usr.sbin/dhcrelay/dhcrelay.c 7 Dec 2016 13:19:18 - 1.44
> +++ usr.sbin/dhcrelay/dhcrelay.c 7 Dec 2016 13:42:07 -
> @@ -248,6 +248,9 @@ main(int argc, char *argv[])
> log_perror = 0;
> }
>
> + if (pledge("stdio route", NULL) == -1)
> + error("pledge");
> +
> dispatch();
> /* not reached */
>
>
