Pledge login_token with "stdio rpath wpath cpath fattr getpw tty".

author bluhm <bluhm@openbsd.org>

Thu, 15 Oct 2015 20:14:23 +0000 (20:14 +0000)

committer bluhm <bluhm@openbsd.org>

Thu, 15 Oct 2015 20:14:23 +0000 (20:14 +0000)
author bluhm <bluhm@openbsd.org>
Thu, 15 Oct 2015 20:14:23 +0000 (20:14 +0000)
committer bluhm <bluhm@openbsd.org>
Thu, 15 Oct 2015 20:14:23 +0000 (20:14 +0000)
diff --git a/libexec/login_token/login_token.c b/libexec/login_token/login_token.c

index 1f84e82..668baaf 100644 (file)
--- a/libexec/login_token/login_token.c
+++ b/libexec/login_token/login_token.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: login_token.c,v 1.11 2013/12/03 01:29:00 deraadt Exp $        */
+/*     $OpenBSD: login_token.c,v 1.12 2015/10/15 20:14:23 bluhm Exp $  */
  
  /*-
   * Copyright (c) 1995, 1996 Berkeley Software Design, Inc. All rights reserved.
@@ -81,6 +81,9 @@ main(int argc, char *argv[])
         if (setrlimit(RLIMIT_CORE, &cds) < 0)
                 syslog(LOG_ERR, "couldn't set core dump size to 0: %m");
  
+       if (pledge("stdio rpath wpath cpath fattr getpw tty", NULL) == -1)
+               err(1, "pledge");
+
         (void)sigprocmask(SIG_BLOCK, &blockset, NULL);
         if (token_init(argv[0]) < 0) {
                 syslog(LOG_ERR, "unknown token type");
author	bluhm <bluhm@openbsd.org>
	Thu, 15 Oct 2015 20:14:23 +0000 (20:14 +0000)
committer	bluhm <bluhm@openbsd.org>
	Thu, 15 Oct 2015 20:14:23 +0000 (20:14 +0000)