CVSROOT: /cvs
Module name: src
Changes by: bry...@cvs.openbsd.org 2018/11/09 11:39:34
Modified files:
usr.sbin/tcpdump: privsep.c
Log message:
The 'recvfd' and 'inet' promises are no longer required by tcpdump(8)
This reduces the remaining runtime pledge(2) in the privsep monitor
process to "stdio rpath dns bpf":
- 'rpath' for /etc/{ethers,rpc}, also unveil(2)'d thanks to mestre@!
- 'dns' for DNS lookups
- 'bpf' BIOCGSTATS on ^C
The unprivileged packet parser process remains pledged just "stdio"
This depends on the previous commit that removed YP support from
ethers(5).
ok mestre@
