From 6d14ac70c63e3d083fd67cb36b6d1da9b47998c7 Mon Sep 17 00:00:00 2001 From: deraadt Date: Thu, 8 Oct 2015 14:49:27 +0000 Subject: [PATCH] tame "stdio rpath wpath cpath proc exec". make is a shell, and appears to only need these operations. Take note that "exec" is a 2-day old tame request, so do get a new kernel before you update or risk getting trapped. --- usr.bin/make/main.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/usr.bin/make/main.c b/usr.bin/make/main.c index faba8690ceb..891d8602b3a 100644 --- a/usr.bin/make/main.c +++ b/usr.bin/make/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.112 2015/10/07 14:16:09 deraadt Exp $ */ +/* $OpenBSD: main.c,v 1.113 2015/10/08 14:49:27 deraadt Exp $ */ /* $NetBSD: main.c,v 1.34 1997/03/24 20:56:36 gwr Exp $ */ /* @@ -192,6 +192,9 @@ MainParseArgs(int argc, char **argv) #define OPTFLAGS "BC:D:I:SV:d:ef:ij:km:npqrst" #define OPTLETTERS "BSiknpqrst" + if (tame("stdio rpath wpath cpath proc exec", NULL) == -1) + err(1, "tame"); + optind = 1; /* since we're called more than once */ optreset = 1; optend = 0; -- 2.20.1