Hello -

pledge starts after getopt because of setrtable. 

rpath needed in case -k (kvm_openfile)
proc needed for drop_gid (setresgid)

I believe I've hit every code path.  More eyes are welcome.

Index: tcpbench.c
===================================================================
RCS file: /cvs/src/usr.bin/tcpbench/tcpbench.c,v
retrieving revision 1.46
diff -u -p -r1.46 tcpbench.c
--- tcpbench.c  9 Feb 2015 23:46:23 -0000       1.46
+++ tcpbench.c  10 Nov 2015 16:43:16 -0000
@@ -986,8 +986,6 @@ quit(int sig, short event, void *arg)
 int
 main(int argc, char **argv)
 {
-       extern int optind;
-       extern char *optarg;
        struct timeval tv;
        unsigned int secs, rtable;
 
@@ -1108,6 +1106,9 @@ main(int argc, char **argv)
                }
        }
 
+       if (pledge("stdio rpath dns inet id proc", NULL) == -1)
+               err(1, "pledge");
+
        argv += optind;
        argc -= optind;
        if ((argc != (ptb->sflag ? 0 : 1)) ||
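Review bot: The first promise set, `pledge("stdio rpath dns inet id proc", NULL)`, looks broader than the code after it needs. Per pledge(2), setresgid(2) is covered by "id", so "proc" (which also permits fork and kill) can probably be dropped, giving `pledge("stdio rpath dns inet id", NULL)`; confirm this against drop_gid(), whose body is outside the hunk. "rpath" appears to be needed only on the kvm path, so the string could be chosen conditionally and runs without that option would never hold filesystem read access. A one-line comment above each of the five pledge calls naming the call that forces each remaining promise, for example `/* id: setrlimit() below */`, would keep the narrowing auditable.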
@@ -1125,6 +1126,9 @@ main(int argc, char **argv)
        } else
                drop_gid();
 
+       if (pledge("stdio id dns inet", NULL) == -1)
+               err(1, "pledge");
+
        if (!ptb->sflag)
                host = argv[0];
        /*
@@ -1169,6 +1173,9 @@ main(int argc, char **argv)
                        errx(1, "getaddrinfo: %s", gai_strerror(herr));
        }
 
+       if (pledge("stdio id inet", NULL) == -1)
+               err(1, "pledge");
+
        if (getrlimit(RLIMIT_NOFILE, &rl) == -1)
                err(1, "getrlimit");
        if (rl.rlim_cur < MAX_FD)
@@ -1177,7 +1184,10 @@ main(int argc, char **argv)
                err(1, "setrlimit");
        if (getrlimit(RLIMIT_NOFILE, &rl) == -1)
                err(1, "getrlimit");
-       
+
+       if (pledge("stdio inet", NULL) == -1)
+               err(1, "pledge");
+
        /* Init world */
        TAILQ_INIT(&sc_queue);
        if ((ptb->dummybuf = malloc(ptb->dummybuf_len)) == NULL)
@@ -1216,7 +1226,10 @@ main(int argc, char **argv)
                }
                client_init(aitop, nconn, udp_sc, aib);
        }
-       
+
+       if (pledge("stdio", NULL) == -1)
+               err(1, "pledge");
+
        /* libevent main loop*/
        event_dispatch();
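Review bot: The final `pledge("stdio", NULL)` before `event_dispatch()` removes "inet", but any socket call made from a libevent callback after this point still needs it. Per pledge(2), accept(2), connect(2) and setsockopt(2) belong to the "inet" set, not "stdio". If server mode (`ptb->sflag`) accepts TCP connections from an event handler, which is not visible in this hunk, the process would be killed on the first incoming connection. Unless every such call is confirmed to happen before the loop, leave the last step at `pledge("stdio inet", NULL)` and drop this call, and exercise both server and client mode over TCP and UDP under the final promise set. main() continues outside the hunk.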
 
 
