kvm_mkdb & dev_mkdb are quite similar. pledge "stdio rpath wpath cpath"

except kvm_mkdb also does "getpw".

diff --git a/usr.sbin/dev_mkdb/dev_mkdb.c b/usr.sbin/dev_mkdb/dev_mkdb.c
index 74a05d6..83aaf74 100644 (file)
--- a/usr.sbin/dev_mkdb/dev_mkdb.c
+++ b/usr.sbin/dev_mkdb/dev_mkdb.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: dev_mkdb.c,v 1.13 2015/01/16 06:40:16 deraadt Exp $   */
+/*     $OpenBSD: dev_mkdb.c,v 1.14 2015/10/12 16:01:53 deraadt Exp $   */
 
 /*-
  * Copyright (c) 1990, 1993
@@ -61,6 +61,9 @@ main(int argc, char *argv[])
        u_char buf[MAXNAMLEN + 1];
        char dbtmp[PATH_MAX], dbname[PATH_MAX];
 
+       if (pledge("stdio rpath wpath cpath", NULL) == -1)
+               err(1, "pledge");
+
        while ((ch = getopt(argc, argv, "")) != -1)
                switch(ch) {
                case '?':

diff --git a/usr.sbin/kvm_mkdb/kvm_mkdb.c b/usr.sbin/kvm_mkdb/kvm_mkdb.c
index 2ab71c0..156cd57 100644 (file)
--- a/usr.sbin/kvm_mkdb/kvm_mkdb.c
+++ b/usr.sbin/kvm_mkdb/kvm_mkdb.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kvm_mkdb.c,v 1.20 2015/01/16 06:40:17 deraadt Exp $   */
+/*     $OpenBSD: kvm_mkdb.c,v 1.21 2015/10/12 16:01:53 deraadt Exp $   */
 
 /*-
  * Copyright (c) 1990, 1993
@@ -75,6 +75,9 @@ main(int argc, char *argv[])
                        warn("can't set rlimit data size");
        }
 
+       if (pledge("stdio rpath wpath cpath getpw", NULL) == -1)
+               err(1, "pledge");
+
        strlcpy(dbdir, _PATH_VARDB, sizeof(dbdir));
        while ((ch = getopt(argc, argv, "vo:")) != -1)
                switch (ch) {