Use unveil(2) and pledge(2) to drop more privileges, where available

Only available on OpenBSD as far as I know. pledge(2): Strangely there doesn't seem to be a way to use many of the ioctls needed during setup, so pledge(2) only protects the main loop. unveil(2): Strangely there doesn't seem to be a way of just dropping all fs access. Instead I restricted to only reading what is probably a nonexistent file.
author: Thomas Habets <habets@google.com> 2019-07-31 23:10:57 +0100
committer: Thomas Habets <habets@google.com> 2019-07-31 23:10:57 +0100
commit: b69a15ac21e565ffd805d0d8c8c05fd130c33766 (patch)
tree: 5f1fc22489225327724821377b7dae4ca659a574 /configure.ac
parent: 53efc6c50fb47e4ab19eb1c413e0ed571c03d5b6 (diff)
download: arping-b69a15ac21e565ffd805d0d8c8c05fd130c33766.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac
index 253b46d..0ba11d9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -74,7 +74,8 @@ AC_FUNC_SELECT_ARGTYPES
 AC_FUNC_SETVBUF_REVERSED
 AC_TYPE_SIGNAL
 AC_CHECK_FUNCS([gettimeofday memset select strchr strdup strerror strstr \
-getifaddrs cap_init pcap_create pcap_list_tstamp_types pcap_set_immediate_mode])
+getifaddrs cap_init pcap_create pcap_list_tstamp_types pcap_set_immediate_mode \
+pledge unveil])
 
 if test x$ac_cv_func_getifaddrs = xyes; then
     AC_LIBOBJ([findif_getifaddrs])
author	Thomas Habets <habets@google.com>	2019-07-31 23:10:57 +0100
committer	Thomas Habets <habets@google.com>	2019-07-31 23:10:57 +0100
commit	b69a15ac21e565ffd805d0d8c8c05fd130c33766 (patch)
tree	5f1fc22489225327724821377b7dae4ca659a574 /configure.ac
parent	53efc6c50fb47e4ab19eb1c413e0ed571c03d5b6 (diff)
download	arping-b69a15ac21e565ffd805d0d8c8c05fd130c33766.tar.gz