From 5d0cca7744cef05bdc6bf0a76149c923ca78b697 Mon Sep 17 00:00:00 2001
From: deraadt
Date: Fri, 23 Oct 2015 03:44:59 +0000
Subject: [PATCH] pledge "stdio rpath getpw proc exec id" at start, much like doas. 2 further pledges are possible, not as many as doas can do, because the order of some su operations is a bit different. also it is trying harder to please non-root nfs mounts?
---
 usr.bin/su/su.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c
index 7d88768f62f..eb21b96dc60 100644
--- a/usr.bin/su/su.c
+++ b/usr.bin/su/su.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: su.c,v 1.67 2015/04/15 02:12:00 deraadt Exp $ */
+/* $OpenBSD: su.c,v 1.68 2015/10/23 03:44:59 deraadt Exp $ */
 /*
 * Copyright (c) 1988 The Regents of the University of California.
@@ -73,6 +73,9 @@ main(int argc, char **argv)
 uid_t ruid;
 u_int flags;
+ if (pledge("stdio rpath getpw proc exec id", NULL) == -1)
+ err(1, "pledge");
+
 while ((ch = getopt(argc, argv, "a:c:fKLlms:-")) != -1)
 switch (ch) {
 case 'a':
@@ -212,6 +215,9 @@ main(int argc, char **argv)
 fprintf(stderr, "Login incorrect\n");
 }
+ if (pledge("stdio rpath exec id", NULL) == -1)
+ err(1, "pledge");
+
 if (!altshell) {
 if (asme) {
 /* if asme and non-std target shell, must be root */
@@ -323,6 +329,10 @@ main(int argc, char **argv)
 }
 if (setusercontext(lc, pwd, pwd->pw_uid, flags) != 0)
 auth_err(as, 1, "unable to set user context");
+
+ if (pledge("stdio rpath exec", NULL) == -1)
+ err(1, "pledge");
+
 if (pwd->pw_uid && auth_approval(as, lc, pwd->pw_name, "su") <= 0)
 auth_err(as, 1, "approval failure");
 auth_close(as);
--
2.20.1
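Review bot: The promise string in the first `pledge()` call at the top of `main` has no comment saying which later call needs each promise, so a maintainer cannot tell which ones are safe to drop and which must stay. A short comment above it would help, for example `/* getpw: passwd lookups; proc, exec: auth helpers and the target shell; id: setusercontext(); dropped in stages below */`. That mapping is inferred from the promise names and the calls visible in the later hunks, so confirm it against the code. `main` continues outside this hunk.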
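Review bot: The second `pledge()`, placed after the `Login incorrect` path, gives up "getpw" and "proc" while the shell-selection code that follows and the `setusercontext()` call shown in the last hunk still have to run. If any of that code does a passwd or group lookup that "rpath" alone does not cover, the process is killed on the pledge violation instead of returning an error. Most of that code is outside the hunk, so this needs checking. If such a lookup exists, keep the promise at this stage: `if (pledge("stdio rpath getpw exec id", NULL) == -1)`.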
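Review bot: The final `pledge("stdio rpath exec", NULL)` sits before `auth_approval(as, lc, pwd->pw_name, "su")`, and "proc" was already given up by the second pledge. If `auth_approval()` can start an approval program for the login class (its implementation is not part of this diff), that fork would violate the pledge and abort su for those classes, rather than letting the approval check allow or deny the switch. It is worth testing with a login class that has approval configured and recording the outcome next to the call, for example `/* auth_approval() does not fork here: <reason> */`.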