pledge() currently forbids IP_HDRINCL in setsockopt().

If I allow it in "inet", I can pledge /usr/ports/net/mtr (a traceroute tool)
to "stdio rpath inet dns tty".

Is this safe? Should I require something other than "inet"?

Index: kern_pledge.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_pledge.c,v
retrieving revision 1.192
diff -u -p -r1.192 kern_pledge.c
--- kern_pledge.c       23 Jan 2017 05:49:24 -0000      1.192
+++ kern_pledge.c       11 Mar 2017 08:33:19 -0000
@@ -1414,6 +1414,7 @@ pledge_sockopt(struct proc *p, int set, 
                case IP_PORTRANGE:
                case IP_RECVDSTADDR:
                case IP_RECVDSTPORT:
+               case IP_HDRINCL:
                        return (0);
                case IP_MULTICAST_IF:
                case IP_ADD_MEMBERSHIP:
