From 49afeee2d5471885ed38610eaae1b7d7da23fa75 Mon Sep 17 00:00:00 2001 From: tim Date: Sun, 1 Nov 2015 14:02:37 +0000 Subject: [PATCH] Pledge; OK millert@ --- usr.bin/skeyaudit/skeyaudit.c | 10 +++++++++- usr.bin/skeyinfo/skeyinfo.c | 5 ++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/usr.bin/skeyaudit/skeyaudit.c b/usr.bin/skeyaudit/skeyaudit.c index 381c271b6dc..335382d8292 100644 --- a/usr.bin/skeyaudit/skeyaudit.c +++ b/usr.bin/skeyaudit/skeyaudit.c @@ -1,4 +1,4 @@ -/* $OpenBSD: skeyaudit.c,v 1.25 2015/01/16 06:40:11 deraadt Exp $ */ +/* $OpenBSD: skeyaudit.c,v 1.26 2015/11/01 14:02:37 tim Exp $ */ /* * Copyright (c) 1997, 2000, 2003 Todd C. Miller @@ -47,6 +47,9 @@ main(int argc, char **argv) char *name; int ch, left, aflag, iflag, limit; + if (pledge("stdio rpath wpath flock getpw proc exec id", NULL) == -1) + err(1, "pledge"); + aflag = iflag = 0; limit = 12; while ((ch = getopt(argc, argv, "ail:")) != -1) @@ -72,6 +75,11 @@ main(int argc, char **argv) usage(); } + if (iflag) { + if (pledge("stdio rpath wpath flock getpw", NULL) == -1) + err(1, "pledge"); + } + /* * Make sure STDIN_FILENO, STDOUT_FILENO, and STDERR_FILENO are open. * If not, open /dev/null in their place or bail. diff --git a/usr.bin/skeyinfo/skeyinfo.c b/usr.bin/skeyinfo/skeyinfo.c index bf3cdc63dc6..514fe21dc66 100644 --- a/usr.bin/skeyinfo/skeyinfo.c +++ b/usr.bin/skeyinfo/skeyinfo.c @@ -1,4 +1,4 @@ -/* $OpenBSD: skeyinfo.c,v 1.14 2003/06/17 21:56:26 millert Exp $ */ +/* $OpenBSD: skeyinfo.c,v 1.15 2015/11/01 14:02:37 tim Exp $ */ /* * Copyright (c) 1997, 2001, 2002 Todd C. Miller @@ -42,6 +42,9 @@ main(int argc, char **argv) char *name = NULL; int error, ch, verbose = 0; + if (pledge("stdio rpath wpath flock getpw", NULL) == -1) + err(1, "pledge"); + while ((ch = getopt(argc, argv, "v")) != -1) switch(ch) { case 'v':