fsdb(8) sucks in and is pledged by fsck(8). Since it uses editline(3),

add a special case for the missing "rpath" and "tty" promises.
Issue found and initial analysis by Jan Stary, thanks!

ok deraadt

diff --git a/sbin/fsck_ffs/setup.c b/sbin/fsck_ffs/setup.c
index 277e51b..7a51b28 100644 (file)
--- a/sbin/fsck_ffs/setup.c
+++ b/sbin/fsck_ffs/setup.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: setup.c,v 1.60 2015/11/24 21:42:54 deraadt Exp $      */
+/*     $OpenBSD: setup.c,v 1.61 2016/08/20 15:04:21 tb Exp $   */
 /*     $NetBSD: setup.c,v 1.27 1996/09/27 22:45:19 christos Exp $      */
 
 /*
@@ -103,7 +103,8 @@ setup(char *dev)
                setcdevname(rdevname, dev, preen);
 
                if (!hotroot())
-                       if (pledge("stdio rpath wpath getpw disklabel", NULL) == -1)
+                       if (pledge("stdio rpath wpath getpw tty disklabel",
+                           NULL) == -1)
                                err(1, "pledge");
        }
        if (fstat(fsreadfd, &statb) < 0) {
@@ -146,8 +147,13 @@ setup(char *dev)
 
        if (!hotroot()) {
 #ifndef SMALL
-               if (pledge("stdio getpw", NULL) == -1)
-                       err(1, "pledge");
+               if (strcmp("fsdb", getprogname()) == 0) {
+                       if (pledge("stdio rpath getpw tty", NULL) == -1)
+                               err(1, "pledge");
+               } else {
+                       if (pledge("stdio getpw", NULL) == -1)
+                               err(1, "pledge");
+               }
 #else
                if (pledge("stdio", NULL) == -1)
                        err(1, "pledge");