From 19a58c97c6ac669df6ffb98319f0862ab85f223b Mon Sep 17 00:00:00 2001
From: deraadt
Date: Fri, 3 Aug 2018 15:14:18 +0000
Subject: [PATCH] Move pledge to after getopt, when the finger program becomes known (defaults to /usr/bin/finger, but can be redefined with -P option). Then unveil that program for "x" (execution), and pledge as before. No other filesystem accesses occur after that point.
---
 libexec/fingerd/fingerd.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/libexec/fingerd/fingerd.c b/libexec/fingerd/fingerd.c
index e93effce434..647b6f57cbc 100644
--- a/libexec/fingerd/fingerd.c
+++ b/libexec/fingerd/fingerd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: fingerd.c,v 1.39 2015/11/13 01:26:33 deraadt Exp $ */
+/* $OpenBSD: fingerd.c,v 1.40 2018/08/03 15:14:18 deraadt Exp $ */

 /*
 * Copyright (c) 1983, 1993
@@ -68,9 +68,6 @@ main(int argc, char *argv[])
 char **ap, *av[ENTRIES + 1], line[8192], *lp, *hname;
 char hostbuf[HOST_NAME_MAX+1];

- if (pledge("stdio inet dns proc exec", NULL) == -1)
- err(1, "pledge");
-
 prog = _PATH_FINGER;
 logging = secure = user_required = short_list = 0;
 openlog("fingerd", LOG_PID, LOG_DAEMON);
@@ -111,6 +108,11 @@ main(int argc, char *argv[])
 usage();
 }

+ if (unveil(prog, "x") == -1)
+ err(1, "unveil");
+ if (pledge("stdio inet dns proc exec", NULL) == -1)
+ err(1, "pledge");
+
 if (logging) {
 struct sockaddr_storage ss;
 struct sockaddr *sa;
--
2.20.1
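Review bot: In the last hunk, a failing `unveil(prog, "x")` is reported only through `err(1, "unveil")`, which writes to stderr and does not name the path. Since `prog` can come from `-P`, a path that unveil() rejects makes the daemon exit on every connection with nothing in syslog. If fingerd runs with the client socket on stderr (the usual inetd arrangement, not visible here), the message also goes to the remote peer. `openlog()` has already been called by this point, so I would report the failure there instead, e.g. `syslog(LOG_ERR, "unveil %s: %m", prog); exit(1);`, and add a comment such as `/* prog is final after getopt; unveil must precede pledge, which has no "unveil" promise */` to record why the order matters. main() starts and continues outside the hunk.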