From 4e7a7ade8c378113fb9de224a8f3c8aa1de4fdcd Mon Sep 17 00:00:00 2001 From: nicm Date: Fri, 23 Oct 2015 16:07:29 +0000 Subject: [PATCH] tmux can call pledge() in main with large set and then reduce it slightly in the server to "stdio rpath wpath cpath fattr unix recvfd proc exec tty ps". --- usr.bin/tmux/server.c | 6 +++++- usr.bin/tmux/tmux.c | 7 ++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/usr.bin/tmux/server.c b/usr.bin/tmux/server.c index b8c892c95ae..741b7ed0b72 100644 --- a/usr.bin/tmux/server.c +++ b/usr.bin/tmux/server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server.c,v 1.142 2015/10/22 10:48:30 nicm Exp $ */ +/* $OpenBSD: server.c,v 1.143 2015/10/23 16:07:29 nicm Exp $ */ /* * Copyright (c) 2007 Nicholas Marriott @@ -178,6 +178,10 @@ server_start(struct event_base *base, int lockfd, char *lockfile) } close(pair[0]); + if (pledge("stdio rpath wpath cpath fattr unix recvfd proc exec tty " + "ps", NULL) != 0) + fatal("pledge failed"); + /* * Must daemonise before loading configuration as the PID changes so * $TMUX would be wrong for sessions created in the config file. diff --git a/usr.bin/tmux/tmux.c b/usr.bin/tmux/tmux.c index 91d28dab528..11fde3a0a91 100644 --- a/usr.bin/tmux/tmux.c +++ b/usr.bin/tmux/tmux.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tmux.c,v 1.144 2015/09/14 12:12:24 nicm Exp $ */ +/* $OpenBSD: tmux.c,v 1.145 2015/10/23 16:07:29 nicm Exp $ */ /* * Copyright (c) 2007 Nicholas Marriott @@ -19,6 +19,7 @@ #include #include +#include #include #include #include @@ -254,6 +255,10 @@ main(int argc, char **argv) if (shell_cmd != NULL && argc != 0) usage(); + if (pledge("stdio rpath wpath cpath flock fattr unix sendfd recvfd " + "proc exec tty ps", NULL) != 0) + err(1, "pledge"); + if (!(flags & CLIENT_UTF8)) { /* * If the user has set whichever of LC_ALL, LC_CTYPE or LANG -- 2.20.1