semarie points out i am already forgetting the rules are very tight around

author deraadt <deraadt@openbsd.org>

Tue, 13 Oct 2015 15:55:44 +0000 (15:55 +0000)

committer deraadt <deraadt@openbsd.org>

Tue, 13 Oct 2015 15:55:44 +0000 (15:55 +0000)
author deraadt <deraadt@openbsd.org>
Tue, 13 Oct 2015 15:55:44 +0000 (15:55 +0000)
committer deraadt <deraadt@openbsd.org>
Tue, 13 Oct 2015 15:55:44 +0000 (15:55 +0000)
diff --git a/usr.sbin/kvm_mkdb/kvm_mkdb.c b/usr.sbin/kvm_mkdb/kvm_mkdb.c

index 6fc6064..eff6a7b 100644 (file)
--- a/usr.sbin/kvm_mkdb/kvm_mkdb.c
+++ b/usr.sbin/kvm_mkdb/kvm_mkdb.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: kvm_mkdb.c,v 1.22 2015/10/13 15:43:19 deraadt Exp $   */
+/*     $OpenBSD: kvm_mkdb.c,v 1.23 2015/10/13 15:55:44 deraadt Exp $   */
  
  /*-
   * Copyright (c) 1990, 1993
@@ -75,10 +75,6 @@ main(int argc, char *argv[])
                         warn("can't set rlimit data size");
         }
  
-       /* getpwnam() and fchown() later */
-       if (pledge("stdio rpath wpath cpath getpw fattr proc", NULL) == -1)
-               err(1, "pledge");
-
         strlcpy(dbdir, _PATH_VARDB, sizeof(dbdir));
         while ((ch = getopt(argc, argv, "vo:")) != -1)
                 switch (ch) {
@@ -174,7 +170,7 @@ kvm_mkdb(int fd, const char *dbdir, char *nlistpath, char *nlistname,
         }
  
         /* rename() later */
-       if (pledge("stdio cpath", NULL) == -1)
+       if (pledge("stdio rpath wpath cpath", NULL) == -1)
                 err(1, "pledge");
  
         if (create_knlist(nlistpath, fd, db) != 0) {
author	deraadt <deraadt@openbsd.org>
	Tue, 13 Oct 2015 15:55:44 +0000 (15:55 +0000)
committer	deraadt <deraadt@openbsd.org>
	Tue, 13 Oct 2015 15:55:44 +0000 (15:55 +0000)