We can now pledge(2) "stdio bpf" when using tcpdump '-n' (don't convert
addresses to names), or when writing packet captures to stdout '-w -',
removing the "rpath" promise.
In the normal use case, the pledge(2) now becomes "stdio rpath dns bpf".
'rpath' is still needed to handle late opening of /etc/{ethers,rpc},
which will be solved by future work.
This removes the existing "inet unix recvfd" promises which appear to
be no longer required.
-Bryan.
diff -Nru tcpdump_orig/privsep.c tcpdump/privsep.c
--- usr.sbin/tcpdump/privsep.c Tue Sep 19 13:28:21 2017
+++ usr.sbin/tcpdump/privsep.c Tue Sep 19 13:30:11 2017
@@ -305,8 +305,14 @@
test_state(cmd, STATE_RUN);
impl_init_done(sock, &bpfd);
- if (pledge("stdio rpath inet unix dns recvfd bpf",
NULL) == -1)
- err(1, "pledge");
+ if (!nflag && WFileName == NULL) {
+ /* XXX rpath for /etc/{ethers,rpc} */
+ if (pledge("stdio rpath dns bpf", NULL) == -1)
+ err(1, "pledge");
+ } else {
+ if (pledge("stdio bpf", NULL) == -1)
+ err(1, "pledge");
+ }
break;
case PRIV_GETHOSTBYADDR:
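Review bot: the `else` branch is taken whenever `WFileName != NULL`, not only for `-w -`, and it drops both `dns` and `rpath` even when `nflag` is unset, while the description only names `-n` and `-w -`. If a `PRIV_GETHOSTBYADDR` request (the case that follows this one) can still arrive when `-w` is given without `-n`, the lookup would run under "stdio bpf" and the process would be killed by pledge. Either confirm that no name or /etc/{ethers,rpc} lookups are requested once a write file is set and state that in a comment above `if (!nflag && WFileName == NULL)`, or narrow the condition to the cases the description lists. A short comment on the `else` branch saying why "stdio bpf" is sufficient there would match the `XXX rpath` note on the first branch.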