Remove initial pledge(2) that doesn't give us much protection since it's so

short lived, we either go directly exiting the program or just a few lines
below we call pledge(2) again, where it actually should be, and with really
reduced promises. Next commit will restrict further access to the filesystem
through unveil(2).

OK deraadt@ kn@

diff --git a/usr.bin/getent/getent.c b/usr.bin/getent/getent.c
index bf4fa22..9da7ac5 100644 (file)
--- a/usr.bin/getent/getent.c
+++ b/usr.bin/getent/getent.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: getent.c,v 1.14 2016/02/01 19:57:28 jca Exp $ */
+/*     $OpenBSD: getent.c,v 1.15 2018/09/25 06:43:20 mestre Exp $      */
 /*     $NetBSD: getent.c,v 1.7 2005/08/24 14:31:02 ginsbach Exp $      */
 
 /*-
@@ -95,9 +95,6 @@ main(int argc, char *argv[])
 {
        struct getentdb *curdb;
 
-       if (pledge("stdio dns rpath getpw", NULL) == -1)
-               err(1, "pledge");
-
        if (argc < 2)
                usage();
        for (curdb = databases; curdb->name != NULL; curdb++) {