From: deraadt <deraadt@openbsd.org>
Date: Fri, 16 Oct 2015 07:01:53 +0000 (+0000)
Subject: doug and I think the kernel has enough features to support
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=758d4455ed859072fee0597078a69b96e7f922a5;p=openbsd

doug and I think the kernel has enough features to support
pledge "stdio rpath wpath cpath getpw proc exec tty" now.
It will be hard to drop many of those features unless cu becomes
privsep for the "upload" commands.
---

diff --git a/usr.bin/cu/cu.c b/usr.bin/cu/cu.c
index 8bb812a169a..efa2f4f05d7 100644
--- a/usr.bin/cu/cu.c
+++ b/usr.bin/cu/cu.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cu.c,v 1.23 2015/10/05 23:15:31 nicm Exp $ */
+/* $OpenBSD: cu.c,v 1.24 2015/10/16 07:01:53 deraadt Exp $ */
 
 /*
  * Copyright (c) 2012 Nicholas Marriott <nicm@openbsd.org>
@@ -79,6 +79,10 @@ main(int argc, char **argv)
 	char		*tmp, *s, *host;
 	int		 opt, i, flags;
 
+	if (pledge("stdio rpath wpath cpath getpw proc exec tty",
+	    NULL) == -1)
+		err(1, "pledge");
+
 	if (isatty(STDIN_FILENO) && tcgetattr(STDIN_FILENO, &saved_tio) != 0)
 		err(1, "tcgetattr");