On Sat, Jul 22 2017, Rob Pierce <r...@2keys.ca> wrote:
> With the most recent commit ifstated can now be pledged in a straight forward
> manner. A better pledge is possible with more work.
>
> Does it make sense to get this one in now?
Regress tests pass. I think this is the way to go. ok jca@
> Rob
>
> Index: ifstated.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/ifstated/ifstated.c,v
> retrieving revision 1.52
> diff -u -p -r1.52 ifstated.c
> --- ifstated.c 21 Jul 2017 16:32:18 -0000 1.52
> +++ ifstated.c 22 Jul 2017 03:58:23 -0000
> @@ -160,6 +160,9 @@ main(int argc, char *argv[])
> &rtfilter, sizeof(rtfilter)) == -1) /* not fatal */
> log_warn("%s: setsockopt tablefilter", __func__);
>
> + if (pledge("stdio rpath inet proc exec", NULL) == -1)
> + fatal("pledge");
> +
> signal_set(&sigchld_ev, SIGCHLD, sigchld_handler, NULL);
> signal_add(&sigchld_ev, NULL);
>
>
--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
