Tighten pledge: We only write to stdio and never to any files if

in cat mode (-c, zcat), or in test mode (-t), or if there are no
file arguments and there is no -o outfile.  Due to fts(3) we require
rpath even for compress <in >out.

"seems sound" deraadt@

diff --git a/usr.bin/compress/main.c b/usr.bin/compress/main.c
index 1793da7..c359ba0 100644 (file)
--- a/usr.bin/compress/main.c
+++ b/usr.bin/compress/main.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: main.c,v 1.89 2015/10/09 01:37:07 deraadt Exp $       */
+/*     $OpenBSD: main.c,v 1.90 2015/10/17 21:34:07 naddy Exp $ */
 
 /*
  * Copyright (c) 1992, 1993
@@ -332,6 +332,10 @@ main(int argc, char *argv[])
        argc -= optind;
        argv += optind;
 
+       if (cflag || testmode || (!oflag && argc == 0))
+               if (pledge("stdio rpath", NULL) == -1)
+                       err(1, "pledge");
+
        if (argc == 0) {
                argv = calloc(2, sizeof(char *));
                if (argv == NULL)