|
|
|
@ -1,4 +1,4 @@ |
|
|
|
/* $OpenBSD: ntpd.c,v 1.115 2018/08/04 11:07:14 mestre Exp $ */ |
|
|
|
/* $OpenBSD: ntpd.c,v 1.116 2018/08/08 22:56:42 deraadt Exp $ */ |
|
|
|
|
|
|
|
/* |
|
|
|
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> |
|
|
|
@ -244,6 +244,10 @@ main(int argc, char *argv[]) |
|
|
|
* Constraint processes are forked with certificates in memory, |
|
|
|
* then privdrop into chroot before speaking to the outside world. |
|
|
|
*/ |
|
|
|
if (unveil("/etc/ssl/cert.pem", "r") == -1) |
|
|
|
err(1, "unveil"); |
|
|
|
if (unveil("/usr/sbin/ntpd", "x") == -1) |
|
|
|
err(1, "unveil"); |
|
|
|
if (pledge("stdio rpath inet settime proc exec id", NULL) == -1) |
|
|
|
err(1, "pledge"); |
|
|
|
|
|
|
|
|
deraadt
6 years ago