pledge() "stdio" includes trusting open&read of the root-owned timezone

databases located at system paths (a reasonable bar had to be chosen; in
the future we can replace the interfaces, since this effort is identifying
them and placing their paths in a visble place), so this program only
needs "stdio"
ok doug

diff --git a/usr.sbin/zdump/zdump.c b/usr.sbin/zdump/zdump.c
index 2026186..f3f38be 100644 (file)
--- a/usr.sbin/zdump/zdump.c
+++ b/usr.sbin/zdump/zdump.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: zdump.c,v 1.10 2015/04/23 05:26:33 deraadt Exp $ */
+/*     $OpenBSD: zdump.c,v 1.11 2015/10/12 01:40:09 deraadt Exp $ */
 /*
 ** This file is in the public domain, so clarified as of
 ** 2009-05-17 by Arthur David Olson.
@@ -121,6 +121,9 @@ main(int argc, char *argv[])
        struct tm       tm, newtm, *tmp, *newtmp;
        char            **fakeenv;
 
+       if (pledge("stdio", NULL) == -1)
+               perror("pledge");
+
        while ((c = getopt(argc, argv, "c:v")) == 'c' || c == 'v') {
                switch (c) {
                case 'v':