From: deraadt
Date: Fri, 9 Oct 2015 17:09:06 +0000 (+0000)
Subject: With nfs spool (fork + seteuid/setuid baloney) support gone, it becomes
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=9c96c22eba475b677837552a382945d1624f631f;p=openbsd

With nfs spool (fork + seteuid/setuid baloney) support gone, it becomes
possible to pledge "stdio rpath wpath tty proc"

No one uses this code anymore. This is a demonstration...
---
diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c index af26c73000c..d0836b7ef36 100644 --- a/libexec/comsat/comsat.c +++ b/libexec/comsat/comsat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: comsat.c,v 1.41 2015/10/09 17:07:21 deraadt Exp $ */ +/* $OpenBSD: comsat.c,v 1.42 2015/10/09 17:09:06 deraadt Exp $ */ /* * Copyright (c) 1980, 1993 @@ -52,6 +52,7 @@ #include #include #include +#include int debug = 0; #define dsyslog if (debug) syslog @@ -82,6 +83,9 @@ main(int argc, char *argv[]) char msgbuf[100]; sigset_t sigset; + if (pledge("stdio rpath wpath tty proc", NULL) == -1) + err(1, "pledge"); + /* verify proper invocation */ fromlen = sizeof(from); if (getsockname(0, (struct sockaddr *)&from, &fromlen) == -1) {
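Review bot: In the main() hunk, the promise string "stdio rpath wpath tty proc" still carries "proc" even though the commit message says the fork + seteuid/setuid path is gone, and nothing in the hunk says which remaining call needs it. Please add a short comment above the pledge() call naming what each of "wpath", "tty" and "proc" is kept for, and drop any promise that no longer has a caller, so the set stays minimal and the next reader can tell when one becomes removable. Also, the failure path uses err(1, "pledge"), while this file logs through syslog (see the dsyslog macro) and treats fd 0 as a socket in the getsockname(0, ...) call just below; consider reporting a pledge failure through syslog so the message reaches a log.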