From c1124cbd3c7e980fd4a2b456d25390fe650095f5 Mon Sep 17 00:00:00 2001 From: doug Date: Fri, 16 Oct 2015 05:35:19 +0000 Subject: [PATCH] Pledge for ftp(1) in non-interactive mode. We will iterate and remove some of the pledges in the future. This is conservative for now. Tested by sthen@ and myself. ok deraadt@ --- usr.bin/ftp/main.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/usr.bin/ftp/main.c b/usr.bin/ftp/main.c index 3b1bc010574..6b7dc346fd1 100644 --- a/usr.bin/ftp/main.c +++ b/usr.bin/ftp/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.102 2015/02/22 15:09:54 jsing Exp $ */ +/* $OpenBSD: main.c,v 1.103 2015/10/16 05:35:19 doug Exp $ */ /* $NetBSD: main.c,v 1.24 1997/08/18 10:20:26 lukem Exp $ */ /* @@ -442,6 +442,28 @@ main(volatile int argc, char *argv[]) if (argc > 0) { if (isurl(argv[0])) { + if (pipeout) { +#ifndef SMALL + if (pledge("stdio rpath tty inet fattr", + NULL) == -1) + err(1, "pledge"); +#else + if (pledge("stdio rpath tty inet proc exec fattr", + NULL) == -1) + err(1, "pledge"); +#endif + } else { +#ifndef SMALL + if (pledge("stdio rpath wpath cpath tty inet fattr", + NULL) == -1) + err(1, "pledge"); +#else + if (pledge("stdio rpath wpath cpath tty inet proc exec fattr", + NULL) == -1) + err(1, "pledge"); +#endif + } + rval = auto_fetch(argc, argv, outfile); if (rval >= 0) /* -1 == connected and cd-ed */ exit(rval); -- 2.20.1
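Review bot: The four `pledge()` calls added under `isurl(argv[0])` repeat nearly the same promise string, and nothing in the code records why the sets differ: `wpath cpath` is dropped only in the `pipeout` branch, and `proc exec` is kept only in the `#else` (SMALL) branches. The commit message says these sets are conservative and will be tightened later, so a short comment above the block would help whoever does that, for example `/* pipeout: presumably output goes to stdout, so no wpath/cpath; SMALL keeps proc/exec because <reason> */`, with the reason supplied by the author since it is not visible in the patch. Choosing the string into a single `const char *` inside the `#ifndef SMALL` / `pipeout` selection and calling `pledge()` once afterwards would leave one `err(1, "pledge")` path and one place to edit when a promise is removed. `main()` starts and ends outside this hunk, so whether `auto_fetch()` stays within these promises on every path cannot be checked from here.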