On Tue, Jul 10, 2018 at 07:12:01PM +0200, Florian Riehm wrote:
> Hi,
>
> this adds pledge to the ospf6d route decision engine and the ospf engine.
> It is compared to the ospfd quite simple, since ospf6d does not support
> reload,
> rdomains and kif-interfaces.
>
> ok?
builds and runs fine. OK remi@
>
> friehm
>
> Index: ospfe.c
> ===================================================================
> RCS file: /home/friehm/repos/openbsd-cvs/cvs/src/usr.sbin/ospf6d/ospfe.c,v
> retrieving revision 1.51
> diff -u -p -r1.51 ospfe.c
> --- ospfe.c 12 Aug 2017 16:27:50 -0000 1.51
> +++ ospfe.c 10 Jul 2018 15:14:35 -0000
> @@ -133,6 +133,9 @@ ospfe(struct ospfd_conf *xconf, int pipe
> setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
> fatal("can't drop privileges");
>
> + if (pledge("stdio inet mcast", NULL) == -1)
> + fatal("pledge");
> +
> event_init();
> nbr_init(NBR_HASHSIZE);
> lsa_cache_init(LSA_HASHSIZE);
> Index: rde.c
> ===================================================================
> RCS file: /home/friehm/repos/openbsd-cvs/cvs/src/usr.sbin/ospf6d/rde.c,v
> retrieving revision 1.76
> diff -u -p -r1.76 rde.c
> --- rde.c 12 Jun 2018 20:12:36 -0000 1.76
> +++ rde.c 10 Jul 2018 15:14:39 -0000
> @@ -156,6 +156,9 @@ rde(struct ospfd_conf *xconf, int pipe_p
> setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
> fatal("can't drop privileges");
>
> + if (pledge("stdio", NULL) == -1)
> + fatal("pledge");
> +
> event_init();
> rde_nbr_init(NBR_HASHSIZE);
> lsa_init(&asext_tree);
