CVSROOT: /cvs Module name: src Changes by: bry...@cvs.openbsd.org 2017/09/05 09:41:25
Modified files:
sbin/pflogd : pflogd.c pflogd.h privsep.c
Log message:
fork+exec model for pflogd(8); move pcap init to the re-exec'd privsep
parent and use 'legit' fdpassing primitives to send the bpf fd to the
unprivileged child process.
Also reduces the pledge(2) promises in the unpriv child to just
"stdio recvfd"
with help from deraadt, pcap feedback from canacar
ok deraadt@
