Hi,
this adds pledge to the ospf6d route decision engine and the ospf engine.
It is compared to the ospfd quite simple, since ospf6d does not support reload,
rdomains and kif-interfaces.
ok?
friehm
Index: ospfe.c
===================================================================
RCS file: /home/friehm/repos/openbsd-cvs/cvs/src/usr.sbin/ospf6d/ospfe.c,v
retrieving revision 1.51
diff -u -p -r1.51 ospfe.c
--- ospfe.c 12 Aug 2017 16:27:50 -0000 1.51
+++ ospfe.c 10 Jul 2018 15:14:35 -0000
@@ -133,6 +133,9 @@ ospfe(struct ospfd_conf *xconf, int pipe
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
fatal("can't drop privileges");
+ if (pledge("stdio inet mcast", NULL) == -1)
+ fatal("pledge");
+
event_init();
nbr_init(NBR_HASHSIZE);
lsa_cache_init(LSA_HASHSIZE);
Index: rde.c
===================================================================
RCS file: /home/friehm/repos/openbsd-cvs/cvs/src/usr.sbin/ospf6d/rde.c,v
retrieving revision 1.76
diff -u -p -r1.76 rde.c
--- rde.c 12 Jun 2018 20:12:36 -0000 1.76
+++ rde.c 10 Jul 2018 15:14:39 -0000
@@ -156,6 +156,9 @@ rde(struct ospfd_conf *xconf, int pipe_p
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
fatal("can't drop privileges");
+ if (pledge("stdio", NULL) == -1)
+ fatal("pledge");
+
event_init();
rde_nbr_init(NBR_HASHSIZE);
lsa_init(&asext_tree);
