From 12996ffa3223b6b3ef6d449c570f5e5c36a6399f Mon Sep 17 00:00:00 2001
From: mestre
Date: Tue, 25 Sep 2018 06:43:20 +0000
Subject: [PATCH] Remove initial pledge(2) that doesn't give us much protection since it's so short lived, we either go directly exiting the program or just a few lines below we call pledge(2) again, where it actually should be, and with really reduced promises. Next commit will restrict further access to the filesystem through unveil(2). OK deraadt@ kn@
---
 usr.bin/getent/getent.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/usr.bin/getent/getent.c b/usr.bin/getent/getent.c
index bf4fa22a9b9..9da7ac5c757 100644
--- a/usr.bin/getent/getent.c
+++ b/usr.bin/getent/getent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: getent.c,v 1.14 2016/02/01 19:57:28 jca Exp $ */
+/* $OpenBSD: getent.c,v 1.15 2018/09/25 06:43:20 mestre Exp $ */
 /* $NetBSD: getent.c,v 1.7 2005/08/24 14:31:02 ginsbach Exp $ */
 
 /*-
@@ -95,9 +95,6 @@ main(int argc, char *argv[])
 {
 struct getentdb *curdb;
 
- if (pledge("stdio dns rpath getpw", NULL) == -1)
- err(1, "pledge");
-
 if (argc < 2)
 usage();
 for (curdb = databases; curdb->name != NULL; curdb++) {
-- 
2.20.1