Drop unnecessary pledge(2) promises on apm(8):

After we successfully connect to the unix socket created by apmd(8) all actions
occur over fds so we can drop only to pledge("stdio").

The code path in the case that the required action is GETSTATUS, and we couldn't
connect to the socket, then after open(2)/ioctl(2) the device /dev/apm directly
we can pledge("stdio") as well since from here on down we only need to
printf(3) messages.

OK deraadt@

diff --git a/usr.sbin/apm/apm.c b/usr.sbin/apm/apm.c
index d739ecc..9abc2d5 100644 (file)
--- a/usr.sbin/apm/apm.c
+++ b/usr.sbin/apm/apm.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: apm.c,v 1.33 2017/07/23 12:51:20 anton Exp $  */
+/*     $OpenBSD: apm.c,v 1.34 2018/08/14 06:38:33 mestre Exp $ */
 
 /*
  *  Copyright (c) 1996 John T. Kohl
@@ -246,7 +246,7 @@ main(int argc, char *argv[])
        fd = open_socket(sockname);
 
        if (fd != -1) {
-               if (pledge("stdio rpath wpath cpath", NULL) == -1)
+               if (pledge("stdio", NULL) == -1)
                        err(1, "pledge");
        }
 
@@ -287,8 +287,12 @@ main(int argc, char *argv[])
                        /* open the device directly and get status */
                        fd = open(_PATH_APM_NORMAL, O_RDONLY);
                        if (ioctl(fd, APM_IOC_GETPOWER,
-                           &reply.batterystate) == 0)
+                           &reply.batterystate) == 0) {
+                               if (pledge("stdio", NULL) == -1)
+                                       err(1, "pledge");
+
                                goto printval;
+                       }
                }
                /* FALLTHROUGH */
 balony: