From 0b6ac1ffaf941117cb666889705629f297c7d79f Mon Sep 17 00:00:00 2001
From: deraadt <deraadt@openbsd.org>
Date: Mon, 12 Oct 2015 22:01:08 +0000
Subject: [PATCH] surprisingly, this can pledge "stdio rpath exec" right at
 start. once the config file is opened, it can pledge "stdio exec", and be on
 its merry way to start the real MTA

---
 usr.sbin/mailwrapper/mailwrapper.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/usr.sbin/mailwrapper/mailwrapper.c b/usr.sbin/mailwrapper/mailwrapper.c
index bc6e1505924..8c01b87b90f 100644
--- a/usr.sbin/mailwrapper/mailwrapper.c
+++ b/usr.sbin/mailwrapper/mailwrapper.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: mailwrapper.c,v 1.19 2014/10/08 04:27:32 deraadt Exp $	*/
+/*	$OpenBSD: mailwrapper.c,v 1.20 2015/10/12 22:01:08 deraadt Exp $	*/
 /*	$NetBSD: mailwrapper.c,v 1.2 1999/02/20 22:10:07 thorpej Exp $	*/
 
 /*
@@ -89,6 +89,9 @@ main(int argc, char *argv[], char *envp[])
 	size_t len, lineno = 0;
 	struct arglist al;
 
+	if (pledge("stdio rpath exec", NULL) == -1)
+		err(1, "pledge");
+
 	/* change __progname to mailwrapper so we get sensible error messages */
 	progname = __progname;
 	__progname = "mailwrapper";
@@ -97,7 +100,12 @@ main(int argc, char *argv[], char *envp[])
 	for (len = 0; len < argc; len++)
 		addarg(&al, argv[len], 0);
 
-	if ((config = fopen(_PATH_MAILERCONF, "r")) == NULL) {
+	config = fopen(_PATH_MAILERCONF, "r");
+
+	if (pledge("stdio exec", NULL) == -1)
+		err(1, "pledge");
+
+	if (config == NULL) {
 		addarg(&al, NULL, 0);
 		openlog(__progname, LOG_PID, LOG_MAIL);
 		syslog(LOG_INFO, "cannot open %s, using %s as default MTA",
-- 
2.20.1