privsep: Implement pledge(2) support as found on OpenBSD

1 files changed, 9 insertions, 1 deletions

diff --git a/src/privsep-bpf.c b/src/privsep-bpf.c
index b1ed821d..fd76576c 100644
--- a/src/privsep-bpf.c
+++ b/src/privsep-bpf.c
@@ -203,6 +203,7 @@ ps_bpf_cmd(struct dhcpcd_ctx *ctx, struct ps_msghdr *psm, struct msghdr *msg)
 	struct iovec *iov = msg->msg_iov;
 	struct interface *ifp;
 	struct ipv4_state *istate;
+	unsigned int flags = PSF_DROPPRIVS | PSF_CAP_ENTER;
 
 	cmd = (uint8_t)(psm->ps_cmd & ~(PS_START | PS_STOP));
 	psp = ps_findprocess(ctx, &psm->ps_id);
@@ -256,12 +257,19 @@ ps_bpf_cmd(struct dhcpcd_ctx *ctx, struct ps_msghdr *psm, struct msghdr *msg)
 		psp->psp_proto = ETHERTYPE_ARP;
 		psp->psp_protostr = "ARP";
 		psp->psp_filter = bpf_arp;
+		/*
+		 * Pledge is currently useless for BPF ARP because we cannot
+		 * change the filter:
+		 * http://openbsd-archive.7691.n7.nabble.com/ \
+		 * 	  pledge-bpf-32bit-arch-unbreak-td299901.html
+		 */
 		break;
 #endif
 	case PS_BPF_BOOTP:
 		psp->psp_proto = ETHERTYPE_IP;
 		psp->psp_protostr = "BOOTP";
 		psp->psp_filter = bpf_bootp;
+		flags |= PSF_PLEDGE;
 		break;
 	}
 
@@ -269,7 +277,7 @@ ps_bpf_cmd(struct dhcpcd_ctx *ctx, struct ps_msghdr *psm, struct msghdr *msg)
 	    &psp->psp_pid, &psp->psp_fd,
 	    ps_bpf_recvmsg, NULL, psp,
 	    ps_bpf_start_bpf, ps_bpf_signal_bpfcb,
-	    PSF_DROPPRIVS | PSF_CAP_ENTER);
+	    flags);
 	switch (start) {
 	case -1:
 		ps_freeprocess(psp);