tame "stdio rpath wpath cpath" or a more mundane "stdio rpath", depending

on which arguments the programs are run under.
ok doug

diff --git a/usr.bin/uudecode/uudecode.c b/usr.bin/uudecode/uudecode.c
index 65801e1..355917f 100644 (file)
--- a/usr.bin/uudecode/uudecode.c
+++ b/usr.bin/uudecode/uudecode.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: uudecode.c,v 1.20 2015/01/16 06:40:13 deraadt Exp $   */
+/*     $OpenBSD: uudecode.c,v 1.21 2015/10/07 06:00:33 deraadt Exp $   */
 /*     $FreeBSD: uudecode.c,v 1.49 2003/05/03 19:44:46 obrien Exp $    */
 
 /*-
@@ -126,6 +126,14 @@ main(int argc, char *argv[])
        argc -= optind;
        argv += optind;
 
+       if (oflag || pflag == 0) {
+               if (tame("stdio rpath wpath cpath", NULL) == -1)
+                       err(1, "tame");
+       } else {
+               if (tame("stdio rpath", NULL) == -1)
+                       err(1, "tame");
+       }
+
        if (*argv) {
                rval = 0;
                do {

diff --git a/usr.bin/uuencode/uuencode.c b/usr.bin/uuencode/uuencode.c
index 6e203fb..c3dfe3a 100644 (file)
--- a/usr.bin/uuencode/uuencode.c
+++ b/usr.bin/uuencode/uuencode.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: uuencode.c,v 1.11 2015/01/16 06:40:13 deraadt Exp $   */
+/*     $OpenBSD: uuencode.c,v 1.12 2015/10/07 06:00:33 deraadt Exp $   */
 /*     $FreeBSD: uuencode.c,v 1.18 2004/01/22 07:23:35 grehan Exp $    */
 
 /*-
@@ -98,6 +98,14 @@ main(int argc, char *argv[])
        argv += optind;
        argc -= optind;
 
+       if (argc == 2 || outfile) {
+               if (tame("stdio rpath wpath cpath", NULL) == -1)
+                       err(1, "tame");
+       } else {
+               if (tame("stdio", NULL) == -1)
+                       err(1, "tame");
+       }
+
        switch(argc) {
        case 2:                 /* optional first argument is input file */
                if (!freopen(*argv, "r", stdin) || fstat(fileno(stdin), &sb))