From: job <job@openbsd.org>
Date: Wed, 1 Sep 2021 16:04:40 +0000 (+0000)
Subject: pledge() timeout
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=811c0a7ea8642e20f1ebf7acd824cc0c1d0408aa;p=openbsd

pledge() timeout

Feedback from deraadt@
---

diff --git a/usr.bin/timeout/timeout.c b/usr.bin/timeout/timeout.c
index d2b1459aab7..6ad14e81d1b 100644
--- a/usr.bin/timeout/timeout.c
+++ b/usr.bin/timeout/timeout.c
@@ -193,11 +193,6 @@ main(int argc, char **argv)
 		SIGQUIT,
 	};
 
-	foreground = preserve = 0;
-	second_kill = 0;
-	cpid = -1;
-	pgid = -1;
-
 	const struct option longopts[] = {
 		{ "preserve-status", no_argument,       &preserve,    1 },
 		{ "foreground",      no_argument,       &foreground,  1 },
@@ -207,6 +202,14 @@ main(int argc, char **argv)
 		{ NULL,              0,                 NULL,         0 }
 	};
 
+	if (pledge("stdio proc exec", NULL) == -1)
+		err(1, "pledge");
+
+	foreground = preserve = 0;
+	second_kill = 0;
+	cpid = -1;
+	pgid = -1;
+
 	while ((ch = getopt_long(argc, argv, "+k:s:h", longopts, NULL)) != -1) {
 		switch (ch) {
 		case 'k':
@@ -276,6 +279,9 @@ main(int argc, char **argv)
 			err(1, "exec()");
 	}
 
+	if (pledge("stdio", NULL) == -1)
+		err(1, "pledge");
+
 	if (sigprocmask(SIG_BLOCK, &signals.sa_mask, NULL) == -1)
 		err(1, "sigprocmask()");