With nfs spool (fork + seteuid/setuid balony) support gone, it becomes

author deraadt <deraadt@openbsd.org>

Fri, 9 Oct 2015 17:09:06 +0000 (17:09 +0000)

committer deraadt <deraadt@openbsd.org>

Fri, 9 Oct 2015 17:09:06 +0000 (17:09 +0000)
author deraadt <deraadt@openbsd.org>
Fri, 9 Oct 2015 17:09:06 +0000 (17:09 +0000)
committer deraadt <deraadt@openbsd.org>
Fri, 9 Oct 2015 17:09:06 +0000 (17:09 +0000)
diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c

index af26c73..d0836b7 100644 (file)
--- a/libexec/comsat/comsat.c
+++ b/libexec/comsat/comsat.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: comsat.c,v 1.41 2015/10/09 17:07:21 deraadt Exp $     */
+/*     $OpenBSD: comsat.c,v 1.42 2015/10/09 17:09:06 deraadt Exp $     */
  
  /*
   * Copyright (c) 1980, 1993
@@ -52,6 +52,7 @@
  #include <unistd.h>
  #include <utmp.h>
  #include <vis.h>
+#include <err.h>
  
  int    debug = 0;
  #define        dsyslog if (debug) syslog
@@ -82,6 +83,9 @@ main(int argc, char *argv[])
         char msgbuf[100];
         sigset_t sigset;
  
+       if (pledge("stdio rpath wpath tty proc", NULL) == -1)
+               err(1, "pledge");
+
         /* verify proper invocation */
         fromlen = sizeof(from);
         if (getsockname(0, (struct sockaddr *)&from, &fromlen) == -1) {
author	deraadt <deraadt@openbsd.org>
	Fri, 9 Oct 2015 17:09:06 +0000 (17:09 +0000)
committer	deraadt <deraadt@openbsd.org>
	Fri, 9 Oct 2015 17:09:06 +0000 (17:09 +0000)