From: kn <kn@openbsd.org>
Date: Thu, 21 Jan 2021 08:13:59 +0000 (+0000)
Subject: Revert r1.87 "Pledge before authentication when possible"
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=68e47d60f0b22f2cac8b6fd3b2488a09fd279c84;p=openbsd

Revert r1.87 "Pledge before authentication when possible"

Someone reported to me that

''This breaks ansible managed machines where "persist" isn't used. There
i get

/bsd: doas[49341]: pledge "proc", syscall 2

Using "persist", everything is fine.''
---

diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c
index ff3a59c881d..d82f67f16fb 100644
--- a/usr.bin/doas/doas.c
+++ b/usr.bin/doas/doas.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.c,v 1.87 2021/01/20 07:30:51 kn Exp $ */
+/* $OpenBSD: doas.c,v 1.88 2021/01/21 08:13:59 kn Exp $ */
 /*
  * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
  *
@@ -206,15 +206,11 @@ authuser(char *myname, char *login_style, int persist)
 	auth_session_t *as;
 	int fd = -1;
 
-	if (persist) {
+	if (persist)
 		fd = open("/dev/tty", O_RDWR);
-		if (fd != -1) {
-			if (ioctl(fd, TIOCCHKVERAUTH) == 0)
-				goto good;
-		}
-	} else {
-		if (pledge("stdio rpath getpw exec id unveil", NULL) == -1)
-			err(1, "pledge");
+	if (fd != -1) {
+		if (ioctl(fd, TIOCCHKVERAUTH) == 0)
+			goto good;
 	}
 
 	if (!(as = auth_userchallenge(myname, login_style, "auth-doas",