From 7c00040f35b70a977ec796a4df536495f1c94e9d Mon Sep 17 00:00:00 2001
From: mestre <mestre@openbsd.org>
Date: Thu, 11 Nov 2021 08:42:31 +0000
Subject: [PATCH] There's no need to call pledge(2) so many times, or on many
 places, with the same promises, just call it once before the switch case
 while at the same time hoisting one unveil(2) so they are all grouped.

The call to pledge(2) on file() can also be simplified since "stdio rpath getpw"
will already be activated when we reach it.

OK deraadt@
---
 usr.bin/who/who.c | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)

diff --git a/usr.bin/who/who.c b/usr.bin/who/who.c
index 13e911eccd0..587865c2b3d 100644
--- a/usr.bin/who/who.c
+++ b/usr.bin/who/who.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: who.c,v 1.31 2021/11/10 15:06:24 schwarze Exp $	*/
+/*	$OpenBSD: who.c,v 1.32 2021/11/11 08:42:31 mestre Exp $	*/
 /*	$NetBSD: who.c,v 1.4 1994/12/07 04:28:49 jtc Exp $	*/
 
 /*
@@ -125,10 +125,15 @@ main(int argc, char *argv[])
 		if (unveil(_PATH_DEV, "r") == -1)
 			err(1, "unveil %s", _PATH_DEV);
 	}
+	if (argc == 1) {
+		if (unveil(*argv, "r") == -1)
+			err(1, "unveil %s", *argv);
+	}
+	if (pledge("stdio rpath getpw", NULL) == -1)
+		err(1, "pledge");
+
 	switch (argc) {
 	case 0:					/* who */
-		if (pledge("stdio rpath getpw", NULL) == -1)
-			err(1, "pledge");
 		ufp = file(_PATH_UTMP);
 
 		if (only_current_term) {
@@ -155,10 +160,6 @@ main(int argc, char *argv[])
 		}
 		break;
 	case 1:					/* who utmp_file */
-		if (unveil(*argv, "r") == -1)
-			err(1, "unveil %s", *argv);
-		if (pledge("stdio rpath getpw", NULL) == -1)
-			err(1, "pledge");
 		ufp = file(*argv);
 
 		if (only_current_term) {
@@ -184,8 +185,6 @@ main(int argc, char *argv[])
 		}
 		break;
 	case 2:					/* who am i */
-		if (pledge("stdio rpath getpw", NULL) == -1)
-			err(1, "pledge");
 		ufp = file(_PATH_UTMP);
 		who_am_i(ufp);
 		break;
@@ -301,10 +300,7 @@ file(char *name)
 		err(1, "%s", name);
 		/* NOTREACHED */
 	}
-	if (show_term || show_idle) {
-		if (pledge("stdio rpath getpw", NULL) == -1)
-			err(1, "pledge");
-	} else {
+	if (!show_term && !show_idle) {
 		if (pledge("stdio getpw", NULL) == -1)
 			err(1, "pledge");
 	}
-- 
2.20.1