normalize the ordering of tame requests (particularily, "rpath wpath cpath",

which i have put in that order). this is not important, but helps look
for outliers which might be strange.  it hints that "ioctl" should be
reassessed in a few places, to see if "tty" is better; that "unix" may
be used in some places where "route" could now work.

diff --git a/bin/md5/md5.c b/bin/md5/md5.c
index b9b6838..2926c37 100644 (file)
--- a/bin/md5/md5.c
+++ b/bin/md5/md5.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: md5.c,v 1.82 2015/10/09 01:37:06 deraadt Exp $        */
+/*     $OpenBSD: md5.c,v 1.83 2015/10/10 20:18:30 deraadt Exp $        */
 
 /*
  * Copyright (c) 2001,2003,2005-2007,2010,2013,2014
@@ -200,7 +200,7 @@ main(int argc, char **argv)
        int fl, error, base64, i;
        int bflag, cflag, pflag, rflag, tflag, xflag;
 
-       if (pledge("stdio cpath rpath wpath", NULL) == -1)
+       if (pledge("stdio rpath wpath cpath", NULL) == -1)
                err(1, "pledge");
 
        TAILQ_INIT(&hl);

diff --git a/bin/mkdir/mkdir.c b/bin/mkdir/mkdir.c
index a9a7863..9ebf6b4 100644 (file)
--- a/bin/mkdir/mkdir.c
+++ b/bin/mkdir/mkdir.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: mkdir.c,v 1.27 2015/10/09 01:37:06 deraadt Exp $      */
+/*     $OpenBSD: mkdir.c,v 1.28 2015/10/10 20:18:30 deraadt Exp $      */
 /*     $NetBSD: mkdir.c,v 1.14 1995/06/25 21:59:21 mycroft Exp $       */
 
 /*
@@ -83,7 +83,7 @@ main(int argc, char *argv[])
        argv += optind;
 
        if (mode & (S_ISUID | S_ISGID | S_ISTXT) == 0) {
-               if (pledge("stdio cpath rpath fattr", NULL) == -1)
+               if (pledge("stdio rpath cpath fattr", NULL) == -1)
                        err(1, "pledge");
        }
 

diff --git a/usr.bin/openssl/openssl.c b/usr.bin/openssl/openssl.c
index 8ac6456..9db7e5b 100644 (file)
--- a/usr.bin/openssl/openssl.c
+++ b/usr.bin/openssl/openssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: openssl.c,v 1.15 2015/10/09 01:37:08 deraadt Exp $ */
+/* $OpenBSD: openssl.c,v 1.16 2015/10/10 20:18:30 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -436,7 +436,7 @@ main(int argc, char **argv)
        arg.data = NULL;
        arg.count = 0;
 
-       if (pledge("stdio inet rpath cpath wpath proc", NULL) == -1) {
+       if (pledge("stdio inet rpath wpath cpath proc", NULL) == -1) {
                fprintf(stderr, "openssl: pledge: %s\n", strerror(errno));
                exit(1);
        }

diff --git a/usr.bin/sed/main.c b/usr.bin/sed/main.c
index 50ed1c0..015b8bc 100644 (file)
--- a/usr.bin/sed/main.c
+++ b/usr.bin/sed/main.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: main.c,v 1.26 2015/10/09 01:37:08 deraadt Exp $       */
+/*     $OpenBSD: main.c,v 1.27 2015/10/10 20:18:30 deraadt Exp $       */
 
 /*-
  * Copyright (c) 1992 Diomidis Spinellis.
@@ -160,10 +160,10 @@ main(int argc, char *argv[])
                termwidth = 60;
 
        if (inplace != NULL) {
-               if (pledge("stdio wpath rpath cpath fattr", NULL) == -1)
+               if (pledge("stdio rpath wpath cpath fattr", NULL) == -1)
                        err(1, "pledge");
        } else {
-               if (pledge("stdio wpath rpath cpath", NULL) == -1)
+               if (pledge("stdio rpath wpath cpath", NULL) == -1)
                        err(1, "pledge");
        }