From: deraadt <deraadt@openbsd.org>
Date: Mon, 24 Jul 2023 01:02:47 +0000 (+0000)
Subject: I added the 2nd argument (execpromises) to pledge(2), and then hunted
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=f61db8b983059244909bdfbd57c573947823089e;p=openbsd

I added the 2nd argument (execpromises) to pledge(2), and then hunted
for more than a year code which could use it; but in all non-trivial
circumstances (programs which would benefit), I was stopped by issues
(in particular by environment variable behavious).  But I never looked
in ldd(1).  This is the FIRST one which is completely obvious.
spledge(NULL, "stdio rpath")
ok guenther
---

diff --git a/libexec/ld.so/ldd/ldd.c b/libexec/ld.so/ldd/ldd.c
index 860f46318d2..9e8c5065cd8 100644
--- a/libexec/ld.so/ldd/ldd.c
+++ b/libexec/ld.so/ldd/ldd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ldd.c,v 1.23 2023/07/13 19:04:50 jasper Exp $	*/
+/*	$OpenBSD: ldd.c,v 1.24 2023/07/24 01:02:47 deraadt Exp $	*/
 /*
  * Copyright (c) 2001 Artur Grabowski <art@openbsd.org>
  * All rights reserved.
@@ -183,6 +183,8 @@ doit(char *name)
 			_exit(0);
 		}
 
+		if (pledge(NULL, "stdio rpath") == -1)
+			err(1, "pledge");
 		execl(name, name, (char *)NULL);
 		perror(name);
 		_exit(1);