pledge(2) for the X server privileged process. ok deraadt@

2015-11-11 21:07:49 +00:00 · 2015-11-11 21:07:49 +00:00 · f7d98a310c
commit f7d98a310c
parent a7bbf5197e
1 changed files with 4 additions and 1 deletions
--- a/xserver/os/privsep.c
+++ b/xserver/os/privsep.c
@ -1,4 +1,4 @@
-/* $OpenBSD: privsep.c,v 1.27 2014/10/18 14:39:40 matthieu Exp $ */
+/* $OpenBSD: privsep.c,v 1.28 2015/11/11 21:07:49 matthieu Exp $ */
 /*
 * Copyright 2001 Niels Provos <provos@citi.umich.edu>
 * All rights reserved.
@ -274,6 +274,9 @@ priv_init(uid_t uid, gid_t gid)
 	setproctitle("[priv]");
 	close(socks[1]);

+	if (pledge("stdio rpath wpath sendfd proc", NULL) == -1)
+		err(1, "pledge");
+
 	while (1) {
 		if (read(socks[0], &cmd, sizeof(cmd)) == 0) {
 			exit(0);