commit 096da3ef2adb042994992b57df571287b6d4c2b1
parent 6659ab0293db6f8953ef25fc6bdc123c1569a412
Author: sin <sin@2f30.org>
Date: Fri, 8 Apr 2016 15:54:10 +0100
pledge stun
Diffstat:
1 file changed, 12 insertions(+), 0 deletions(-)
diff --git a/stun.c b/stun.c
@@ -566,6 +566,12 @@ serversetup(int devfd)
freeaddrinfo(ai);
revokeprivs();
+
+#if defined(__OpenBSD__)
+ if (pledge("stdio inet", NULL) < 0)
+ logerr("pledge failed");
+#endif
+
for (;;) {
netfd = accept(listenfd, (struct sockaddr *)&remote,
(socklen_t []){sizeof(remote)});
@@ -757,7 +763,13 @@ main(int argc, char *argv[])
if (sflag)
return serversetup(devfd);
+
revokeprivs();
+#if defined(__OpenBSD__)
+ if (pledge("stdio dns inet", NULL) < 0)
+ logerr("pledge failed");
+#endif
+
/* auto-reconnect client */
for (;;) {
clientsetup(devfd);
