add pledge(2) to quot(8):

- rpath to traverse the filesystem(s)
- getpw to figure out who owns what

OK tb@ deraadt@

diff --git a/usr.sbin/quot/quot.c b/usr.sbin/quot/quot.c
index 2651789..56a2a83 100644 (file)
--- a/usr.sbin/quot/quot.c
+++ b/usr.sbin/quot/quot.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: quot.c,v 1.30 2017/09/07 03:24:09 tedu Exp $  */
+/*     $OpenBSD: quot.c,v 1.31 2018/07/26 13:37:40 mestre Exp $        */
 
 /*
  * Copyright (C) 1991, 1994 Wolfgang Solfrank.
@@ -572,6 +572,10 @@ main(int argc, char *argv[])
                        }
                }
        }
+
+       if (pledge("stdio rpath getpw", NULL) == -1)
+               err(1, "pledge");
+
        cnt = getmntinfo(&mp, MNT_NOWAIT);
        if (all) {
                for (; --cnt >= 0; mp++) {