OpenBSD/src Xug3ij7 — usr.sbin/snmpd snmpe.c
Remove #if'ed 0 code around a broken pledge. Due to some ioctls and sysctls pledge cannot be used, nevertheless since we now have unveil available we can use it to guarantee that in this particular case the snmpe process cannot access the filesystem at all, therefore close a big attack vector and achieve a great level of protection even without being able to use pledge. prodded by deraadt@
Version | Delta | File | |
---|---|---|---|
1.56 | +1 | -9 | usr.sbin/snmpd/snmpe.c |
+1 | -9 | 1 files |