From: Roy Marples <roy@marples.name>
Date: Wed, 10 Jun 2020 04:46:19 +0000 (+0100)
Subject: privsep: Apply resource limits to OpenBSD as well where we can
X-Git-Tag: v9.1.2~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=00b5fa3b54899271376ed89b785aec32b9f97e98;p=thirdparty%2Fdhcpcd.git

privsep: Apply resource limits to OpenBSD as well where we can

After all, pledge or capsicum could have bugs.
---

diff --git a/src/privsep.c b/src/privsep.c
index c18968e8..a29c1da6 100644
--- a/src/privsep.c
+++ b/src/privsep.c
@@ -129,14 +129,11 @@ ps_dropprivs(struct dhcpcd_ctx *ctx)
 		return -1;
 	}
 
-#if defined(HAVE_PLEDGE)
-	/* Pledge does not seem to work well with resource limits. */
-#else
 	struct rlimit rzero = { .rlim_cur = 0, .rlim_max = 0 };
 
 	if (ctx->ps_control_pid != getpid()) {
 		/* Prohibit new files, sockets, etc */
-#if defined(__linux__) || defined(__sun)
+#if defined(__linux__) || defined(__sun) || defined(__OpenBSD__)
 		/*
 		 * If poll(2) is called with nfds > RLIMIT_NOFILE
 		 * then it returns EINVAL.
@@ -166,7 +163,7 @@ ps_dropprivs(struct dhcpcd_ctx *ctx)
 #endif
 	}
 
-#ifndef HAVE_CAPSICUM
+#if !defined(HAVE_CAPSICUM) && !defined(HAVE_PLEDGE)
 	/* Prohibit large files */
 	if (setrlimit(RLIMIT_FSIZE, &rzero) == -1) {
 		logerr("setrlimit RLIMIT_FSIZE");
@@ -180,7 +177,6 @@ ps_dropprivs(struct dhcpcd_ctx *ctx)
 		logerr("setrlimit RLIMIT_NPROC");
 		return -1;
 	}
-#endif
 #endif
 
 	return 0;