CVSROOT: /cvs Module name: src Changes by: bry...@cvs.openbsd.org 2018/11/09 11:39:34
Modified files: usr.sbin/tcpdump: privsep.c Log message: The 'recvfd' and 'inet' promises are no longer required by tcpdump(8) This reduces the remaining runtime pledge(2) in the privsep monitor process to "stdio rpath dns bpf": - 'rpath' for /etc/{ethers,rpc}, also unveil(2)'d thanks to mestre@! - 'dns' for DNS lookups - 'bpf' BIOCGSTATS on ^C The unprivileged packet parser process remains pledged just "stdio" This depends on the previous commit that removed YP support from ethers(5). ok mestre@