On 2015/12/01 21:24, Ricardo Mestre wrote: > Hi tech@ > > This is my first attempt at pledging dhcpd(8), right now I don't have time to > go further, but this is a working diff I having seating at my tree I want to > show you, although tomorrow I intend to get back at it. > > Declare usage() as __dead since it never returns, hoist up sync_init() since > it > calls a setsockopt(2) for multicast not allowed (yet?) by pledge(2) so I > (someone else?) can apply pledge ealier on and then finally if dhcpd(8) was > NOT > called with "-u" parameter (!udpsockmode) then request "inet" since this is a > network daemon and therefore needs to perform network operations and "sendfd" > to send a msg. > > For this last annotation I changed sendto(2) to sendmsg(2) in icmp.c so we > don't have to give permissions to the daemon it doesn't need and it just sends > an ICMP echo request (hey here is a DHCPOFFER) to the host that is requesting > an IP address.
Don't these (sendto, sendmsg) need the same permissions anyway? > +++ icmp.c 1 Dec 2015 20:59:31 -0000 .. > icmp.icmp_cksum = wrapsum(checksum((unsigned char *)&icmp, > - sizeof(icmp), 0)); > + sizeof(icmp), 0)); > + KNF here, the previous indentation was correct
