diff options
author | Thomas Habets <habets@google.com> | 2019-07-31 23:10:57 +0100 |
---|---|---|
committer | Thomas Habets <habets@google.com> | 2019-07-31 23:10:57 +0100 |
commit | b69a15ac21e565ffd805d0d8c8c05fd130c33766 (patch) | |
tree | 5f1fc22489225327724821377b7dae4ca659a574 /configure.ac | |
parent | 53efc6c50fb47e4ab19eb1c413e0ed571c03d5b6 (diff) | |
download | arping-b69a15ac21e565ffd805d0d8c8c05fd130c33766.tar.gz |
Use unveil(2) and pledge(2) to drop more privileges, where available
Only available on OpenBSD as far as I know.
pledge(2):
Strangely there doesn't seem to be a way to use many of the ioctls
needed during setup, so pledge(2) only protects the main loop.
unveil(2):
Strangely there doesn't seem to be a way of just dropping all fs
access. Instead I restricted to only reading what is probably a
nonexistent file.
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac index 253b46d..0ba11d9 100644 --- a/configure.ac +++ b/configure.ac @@ -74,7 +74,8 @@ AC_FUNC_SELECT_ARGTYPES AC_FUNC_SETVBUF_REVERSED AC_TYPE_SIGNAL AC_CHECK_FUNCS([gettimeofday memset select strchr strdup strerror strstr \ -getifaddrs cap_init pcap_create pcap_list_tstamp_types pcap_set_immediate_mode]) +getifaddrs cap_init pcap_create pcap_list_tstamp_types pcap_set_immediate_mode \ +pledge unveil]) if test x$ac_cv_func_getifaddrs = xyes; then AC_LIBOBJ([findif_getifaddrs]) |