So I took a look at which pledge requests rtadvd could use. Turns out it can't call pledge early, because it attempts to retrieve IPV6CTL_FORWARDING and pledge currently denies it. rtadvd is the only user of IPV6CTL_FORWARDING in base, so IMO it doesn't call for a change in kern_pledge.c. There are other exotic setsockopt calls that would probably prevent early pledge calls.
Another minor issue is that pidfile(3) installs an atexit(3) handler that calls unlink(2). It makes little sense to have rtadvd slaughtered when it tries to unlink /var/run/rtadvd.pid, especially as that path isn't reachable anymore (rtadvd runs privdrop, chrooted). And it makes little sense to add "cpath" to the pledge request, just to have rtadvd exit properly. Let's not just write down a pid file. Thus, this diff does two things:
- remove the use of pidfile(3). rc.d doesn't need this.
- introduce a single, minimal pledge(2) request just before the main loop

I'll probably commit the pidfile() removal and the pledge request in separate commits. Comments / oks?

Index: Makefile =================================================================== RCS file: /cvs/src/usr.sbin/rtadvd/Makefile,v retrieving revision 1.6 diff -u -p -r1.6 Makefile --- Makefile 21 Apr 2008 20:40:55 -0000 1.6 +++ Makefile 25 Oct 2015 19:35:27 -0000 @@ -4,8 +4,6 @@ PROG= rtadvd SRCS= rtadvd.c rrenum.c advcap.c if.c config.c timer.c dump.c log.c CFLAGS+=-Wall -LDADD+= -lutil -DPADD+= ${LIBUTIL} MAN= rtadvd.8 rtadvd.conf.5 .include <bsd.prog.mk> Index: rtadvd.c =================================================================== RCS file: /cvs/src/usr.sbin/rtadvd/rtadvd.c,v retrieving revision 1.55 diff -u -p -r1.55 rtadvd.c --- rtadvd.c 20 Aug 2015 22:39:29 -0000 1.55 +++ rtadvd.c 25 Oct 2015 19:36:38 -0000 @@ -55,7 +55,6 @@ #include <err.h> #include <errno.h> #include <string.h> -#include <util.h> #include <pwd.h> #include "rtadvd.h" @@ -224,10 +223,6 @@ main(argc, argv) sock_open(); - /* record the current PID */ - if (pidfile(NULL) < 0) - log_warnx("failed to open the pid log file, run anyway."); - if (sflag == 0) { rtsock_open(); } 
@@ -242,6 +237,9 @@ main(argc, argv) setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) fatal("cannot drop privileges"); + + if (pledge("stdio inet route", NULL) == -1) + err(1, "pledge"); npfd = 1; pfd[0].fd = sock; -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
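Review bot: the Makefile hunk (`-LDADD+= -lutil` / `-DPADD+= ${LIBUTIL}`) and the `-#include <util.h>` hunk in rtadvd.c must land in the same commit as the removal of the pidfile(NULL) call, otherwise the intermediate revision either fails to compile (missing prototype) or fails to link (missing libutil); since the mail proposes splitting pidfile removal and pledge into two commits, make sure all three pidfile-related hunks go together. Also worth a grep over the other SRCS (rrenum.c advcap.c if.c config.c timer.c dump.c log.c) to confirm pidfile(3) was the only libutil symbol in use before dropping -lutil.

Review bot: the removed block in the `@@ -224,10 +223,6 @@` hunk only warned via log_warnx() and continued when pidfile() failed, so nothing is lost on the error path; but rtadvd.8 (listed in MAN=) should be checked for any mention of /var/run/rtadvd.pid and updated in the same commit, since the file will no longer be created.

Review bot: in the `@@ -242,6 +237,9 @@` hunk, `err(1, "pledge")` is inconsistent with the error handling two lines above, where the privilege-drop failure uses `fatal("cannot drop privileges")` through rtadvd's log.c; if rtadvd has already daemonized at this point, err(3) writes to a stderr nobody reads, so `fatal("pledge")` would keep the failure visible in syslog. The placement itself is right: it sits after setresuid() and before the pfd setup, the sockets from sock_open() and rtsock_open() already exist, so "inet" and "route" only have to cover the later I/O and the visible lines need neither "cpath" nor "rpath". Minor: "route" is requested unconditionally even though rtsock_open() is skipped when sflag is set, which is harmless but could be noted in the commit message.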