A couple of programs are passing "route" to pledge (bgpd.c; iked.c; ...)

We have to document the route syscall in pledge(2).

> -----Original Message-----
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf
> Of Philip Higgins
> Sent: Monday, April 04, 2016 01:12
> To: misc@openbsd.org
> Subject: /usr/sbin/dhcpd -u pledge failure.
> 
> Hi,
> 
> When using 'udpsockmode' in dhcpd (-u flag), it first calls
> pledge("stdio rpath inet sendfd proc id", NULL) (in udpsock.c)
> 
> then tries
> pledge("stdio inet route sendfd", NULL) (back in dhcpd.c)
> 
> The "route" causes it to fail.
> 
> e.g.
> $ doas dhcpd -u -fd pppx0
> Listening on 255.255.255.255:67/udp.
> dhcpd: pledge: Operation not permitted
> 
> "route" isn't defined in the pledge(2) man page, but testing seems to
> indicate it is necessary.
> 
> Index: udpsock.c
> =================================================================
> ==
> RCS file: /cvs/src/usr.sbin/dhcpd/udpsock.c,v
> retrieving revision 1.5
> diff -u -p -r1.5 udpsock.c
> --- udpsock.c   8 Feb 2016 02:06:07 -0000       1.5
> +++ udpsock.c   4 Apr 2016 04:09:14 -0000
> @@ -65,7 +65,7 @@ udpsock_startup(struct in_addr bindaddr)
>                 error("setsocketopt IP_RECVIF failed for udp: %s",
>                     strerror(errno));
> 
> -       if (pledge("stdio rpath inet sendfd proc id", NULL) == -1)
> +       if (pledge("stdio rpath inet sendfd proc id route", NULL) == -1)
>                 error("pledge: %s", strerror(errno));
> 
>         sin4.sin_family = AF_INET;
> 
> 
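Review bot: The pledge() call in udpsock_startup() gains "route" without any comment explaining why, and none of the surrounding lines in this hunk use routing. Per the report, the promise is only needed so that the later pledge("stdio inet route sendfd", NULL) in dhcpd.c is not rejected, so a short comment at this call saying that would keep the dependency between the two files visible. Since the report also notes that "route" is missing from pledge(2), the man page should be updated with this change, and it is worth checking whether dhcpd.c still needs "route" in -u mode, because dropping it there would keep this promise set smaller.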
> --
> -Phil
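
The failure reported above comes from a later pledge() call asking for a promise the earlier call had already given up. The following is an added example, not code from dhcpd or the OpenBSD kernel: a portable C model of that subset rule (the names `has_promise` and `pledge_widens` are hypothetical) that can be used to check a sequence of promise strings during review.

```c
/* Added example: models the pledge(2) rule that promises can only shrink.
 * It does not call pledge() and is not OpenBSD kernel code. */
#include <stdio.h>
#include <string.h>

/* Return 1 if promise `name` (length len) appears as a whole word in `set`. */
static int has_promise(const char *set, const char *name, size_t len)
{
    const char *p = set;
    while (*p) {
        size_t n;
        p += strspn(p, " ");          /* skip separators */
        n = strcspn(p, " ");          /* length of the next promise */
        if (n == len && strncmp(p, name, len) == 0)
            return 1;
        p += n;
    }
    return 0;
}

/* Return 0 if `requested` is a subset of `current`; otherwise return 1 and
 * copy the first promise that would be regained into `extra`. */
int pledge_widens(const char *current, const char *requested,
                  char *extra, size_t extrasz)
{
    const char *p = requested;
    while (*p) {
        size_t n;
        p += strspn(p, " ");
        n = strcspn(p, " ");
        if (n > 0 && !has_promise(current, p, n)) {
            snprintf(extra, extrasz, "%.*s", (int)n, p);
            return 1;
        }
        p += n;
    }
    return 0;
}

int main(void)
{
    char extra[32];
    /* The two promise strings quoted in the report above. */
    if (pledge_widens("stdio rpath inet sendfd proc id",
                      "stdio inet route sendfd", extra, sizeof(extra)))
        printf("later pledge would fail: adds \"%s\"\n", extra);
    return 0;
}
```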
