Tested with and without zone transfers, forced writing of zones to
disk and adding and removing zones at run time.
Is the order of pledges in main() correct?
OK?
diff --git nsd.c nsd.c
index 2420a65..d2084b7 100644
--- nsd.c
+++ nsd.c
@@ -1111,6 +1111,11 @@ main(int argc, char *argv[])
nsd.username));
}
#endif /* HAVE_GETPWNAM */
+
+ if (pledge("stdio rpath wpath cpath dns inet proc", NULL) == -1)
+ error("pledge");
+
+
xfrd_make_tempdir(&nsd);
#ifdef USE_ZONE_STATS
options_zonestatnames_create(nsd.options);
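Review bot: The failure path of the added pledge() call reports only the literal string "pledge", so the errno that explains the refusal is lost. Assuming error() takes a printf-style format, `error("pledge: %s", strerror(errno));` would keep it, and the same applies to `log_msg(LOG_ERR, "pledge")` in the server.c hunk. The promise list is also undocumented; a short comment above the call saying which later step of main() needs each of `wpath cpath proc dns inet` would let a reader check that nothing after this line falls outside the set, since such a call would abort the daemon. The hunk also adds two blank lines after the call where one is enough. main() continues outside the hunk, so the later steps cannot be checked from here.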
diff --git server.c server.c
index 9ac2687..1309316 100644
--- server.c
+++ server.c
@@ -301,6 +301,12 @@ restart_child_servers(struct nsd *nsd, region_type*
region, netio_type* netio,
/* the child need not be able to access the
* nsd.db file */
namedb_close_udb(nsd->db);
+
+ if (pledge("stdio rpath inet", NULL) == -1) {
+ log_msg(LOG_ERR, "pledge");
+ exit(1);
+ }
+
nsd->pid = 0;
nsd->child_count = 0;
nsd->server_kind = nsd->children[i].kind;
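Review bot: The child's promise set `"stdio rpath inet"` is given without a reason for `rpath`, while the comment directly above says the child need not access the nsd.db file, so a reader cannot tell which files the child still has to open. A comment on the call would settle it, for example `/* rpath: <files the child still reads>; inet: serving sockets */`, with the placeholder filled in by the author. If the child turns out to open nothing after this point, dropping `rpath` would tighten the sandbox further. restart_child_servers() starts and ends outside the hunk, so it is only presumed from the context comment that this runs in the forked child and not in the parent.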
--
I'm not entirely sure you are real.