The diff below adds pledge("stdio") calls for the pfkey dump subset of ipsecctl commands.
In particular ipsecctl -s which prints all SAs or flows in the kernel and more importantly ipsecctl -m which contiously parses and prints every pfkey message forwarded by the kernel don't seem to need any additional privileges after setting up pfkey sockets and sysctls. ok?
Index: ipsecctl.c
===================================================================
RCS file: /cvs/src/sbin/ipsecctl/ipsecctl.c,v
retrieving revision 1.85
diff -u -p -r1.85 ipsecctl.c
--- ipsecctl.c	7 Mar 2023 17:43:59 -0000	1.85
+++ ipsecctl.c	8 Oct 2023 22:16:59 -0000
@@ -625,6 +625,9 @@ ipsecctl_get_rules(struct ipsecctl *ipse
 		if (msg->sadb_msg_len == 0)
 			break;
 
+		if (pledge("stdio", NULL) == -1)
+			err(1, "pledge");
+
 		rule = calloc(1, sizeof(struct ipsec_rule));
 		if (rule == NULL)
 			err(1, "ipsecctl_get_rules: calloc");
@@ -739,6 +742,10 @@ ipsecctl_show_sas(int opts)
 		err(1, "ipsecctl_show_sas: malloc");
 	if (sysctl(mib, 5, buf, &need, NULL, 0) == -1)
 		err(1, "ipsecctl_show_sas: sysctl");
+
+	if (pledge("stdio", NULL) == -1)
+		err(1, "pledge");
+
 	sacount = 0;
 	lim = buf + need;
 	for (next = buf; next < lim;
Index: pfkey.c
===================================================================
RCS file: /cvs/src/sbin/ipsecctl/pfkey.c,v
retrieving revision 1.63
diff -u -p -r1.63 pfkey.c
--- pfkey.c	22 Oct 2021 12:30:54 -0000	1.63
+++ pfkey.c	8 Oct 2023 22:16:59 -0000
@@ -1324,6 +1324,9 @@ pfkey_monitor(int opts)
 	if (pfkey_promisc() < 0)
 		return -1;
 
+	if (pledge("stdio", NULL) == -1)
+		err(1, "pledge");
+
 	pfd[0].fd = fd;
 	pfd[0].events = POLLIN;
 	for (;;) {
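Review bot: The pledge("stdio") call in ipsecctl_get_rules is placed after the `sadb_msg_len == 0` break inside what appears to be the per-message loop, so it is re-issued for every SADB message and is never reached at all when the first message already has a zero length, leaving that exit path unpledged. Re-pledging an identical promise set is harmless, but a single call ahead of the loop, as the ipsecctl_show_sas hunk in this file does right after its sysctl copy, would cover every path through the function once; that means moving `if (pledge("stdio", NULL) == -1) err(1, "pledge");` up to just before the loop header. The loop header and the start of the function are outside the hunk, so the exact target line is inferred from the visible context.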
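Review bot: The new `err(1, "pledge")` in ipsecctl_show_sas drops the `function: call` prefix that the neighbouring err() messages in this block carry (`"ipsecctl_show_sas: malloc"`, `"ipsecctl_show_sas: sysctl"`), so a pledge failure would be reported without naming where it happened. `err(1, "ipsecctl_show_sas: pledge");` keeps the file's convention, and the same applies to the ipsecctl_get_rules hunk above. The printing loop that follows the new call continues outside the hunk, so whether everything it reaches stays within stdio cannot be confirmed from here.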
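Review bot: pfkey_monitor reports the pfkey_promisc() failure two lines above with `return -1`, but the new pledge check exits the process via err(1, ...), so the function now mixes two error conventions. If callers are expected to handle a -1 from this function, `if (pledge("stdio", NULL) == -1) { warn("pledge"); return -1; }` keeps it uniform; if exiting is the intent, a one-line comment above the call stating why the process can drop to stdio at this point (the pfkey socket is already open and only polled and read afterwards, as far as the hunk shows) would document the choice. The poll loop that follows runs past the end of the hunk, so what it calls cannot be checked here.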