Support OpenBSD 6.0 pledge() syscall for sandboxing.

2016-09-18 01:32:24 -04:00
parent 5619dd47bb
commit 1077db41b6
3 changed files with 21 additions and 0 deletions
@@ -33,6 +33,7 @@
 #include "config.h"
 #include "version.h"

+#include <err.h>
 #include <errno.h>
 #include <locale.h>
 #include <string.h>
@@ -563,6 +564,15 @@ static int run_server( const char *desired_ip, const char *desired_port,
  } else {
    /* parent */

+    /* Drop unnecessary privileges */
+#ifdef HAVE_PLEDGE
+    /* OpenBSD pledge() syscall */
+    if ( pledge( "stdio inet ioctl tty", NULL )) {
+      perror( "pledge() failed" );
+      exit( 1 );
+    }
+#endif
+
 #ifdef HAVE_UTEMPTER
    /* make utmp entry */
    utempter_add_record( master, utmp_entry );