From: naddy Date: Sat, 17 Oct 2015 21:34:07 +0000 (+0000) Subject: Tighten pledge: We only write to stdio and never to any files if X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=e8dc0357218dcf72f3bb6c2af3edf8a339dd44ae;p=openbsd Tighten pledge: We only write to stdio and never to any files if in cat mode (-c, zcat), or in test mode (-t), or if there are no file arguments and there is no -o outfile. Due to fts(3) we require rpath even for compress out. "seems sound" deraadt@ --- diff --git a/usr.bin/compress/main.c b/usr.bin/compress/main.c index 1793da7132d..c359ba0e059 100644 --- a/usr.bin/compress/main.c +++ b/usr.bin/compress/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.89 2015/10/09 01:37:07 deraadt Exp $ */ +/* $OpenBSD: main.c,v 1.90 2015/10/17 21:34:07 naddy Exp $ */ /* * Copyright (c) 1992, 1993 @@ -332,6 +332,10 @@ main(int argc, char *argv[]) argc -= optind; argv += optind; + if (cflag || testmode || (!oflag && argc == 0)) + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); + if (argc == 0) { argv = calloc(2, sizeof(char *)); if (argv == NULL)