From: tb <tb@openbsd.org>
Date: Thu, 15 Jun 2017 19:37:10 +0000 (+0000)
Subject: Finer grained pledge for at(1).  After setegid(), do a three-way pledge:
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=4236b3edc9da8c3d594722901263adc4e4205d5f;p=openbsd

Finer grained pledge for at(1).  After setegid(), do a three-way pledge:
For AT and BATCH:	"stdio rpath wpath cpath fattr getpw unix"
For ATRM:		"stdio rpath cpath getpw unix"
For ATQ and CAT:	"stdio rpath getpw"
"unix" is needed for poke_daemon() and "fattr" to chmod +x spoolfile.

idea and ok millert
---

diff --git a/usr.bin/at/at.c b/usr.bin/at/at.c
index 16a96a7baf4..21936c15e88 100644
--- a/usr.bin/at/at.c
+++ b/usr.bin/at/at.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: at.c,v 1.80 2017/06/07 23:36:43 millert Exp $	*/
+/*	$OpenBSD: at.c,v 1.81 2017/06/15 19:37:10 tb Exp $	*/
 
 /*
  *  at.c : Put file into atrun queue
@@ -991,9 +991,26 @@ main(int argc, char **argv)
 			if (setegid(spool_gid) != 0)
 				fatal("setegid(spool_gid)");
 		}
+
+		if (pledge("stdio rpath wpath cpath fattr getpw unix", NULL)
+		    == -1)
+			fatal("pledge");
+		break;
+
+	case ATQ:
+	case CAT:
+		if (pledge("stdio rpath getpw", NULL) == -1)
+			fatal("pledge");
+		break;
+
+	case ATRM:
+		if (pledge("stdio rpath cpath getpw unix", NULL) == -1)
+			fatal("pledge");
 		break;
+
 	default:
-		;
+		fatalx("internal error");
+		break;
 	}
 
 	if ((pw = getpwuid(user_uid)) == NULL)