From c3f7dd6deabae0997562c3dcad12de368ea39913 Mon Sep 17 00:00:00 2001 From: deraadt Date: Mon, 12 Oct 2015 16:01:53 +0000 Subject: [PATCH] kvm_mkdb & dev_mkdb are quite similar. pledge "stdio rpath wpath cpath" except kvm_mkdb also does "getpw". --- usr.sbin/dev_mkdb/dev_mkdb.c | 5 ++++- usr.sbin/kvm_mkdb/kvm_mkdb.c | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/usr.sbin/dev_mkdb/dev_mkdb.c b/usr.sbin/dev_mkdb/dev_mkdb.c index 74a05d6d4aa..83aaf7429ec 100644 --- a/usr.sbin/dev_mkdb/dev_mkdb.c +++ b/usr.sbin/dev_mkdb/dev_mkdb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dev_mkdb.c,v 1.13 2015/01/16 06:40:16 deraadt Exp $ */ +/* $OpenBSD: dev_mkdb.c,v 1.14 2015/10/12 16:01:53 deraadt Exp $ */ /*- * Copyright (c) 1990, 1993 @@ -61,6 +61,9 @@ main(int argc, char *argv[]) u_char buf[MAXNAMLEN + 1]; char dbtmp[PATH_MAX], dbname[PATH_MAX]; + if (pledge("stdio rpath wpath cpath", NULL) == -1) + err(1, "pledge"); + while ((ch = getopt(argc, argv, "")) != -1) switch(ch) { case '?': diff --git a/usr.sbin/kvm_mkdb/kvm_mkdb.c b/usr.sbin/kvm_mkdb/kvm_mkdb.c index 2ab71c0a749..156cd5711c2 100644 --- a/usr.sbin/kvm_mkdb/kvm_mkdb.c +++ b/usr.sbin/kvm_mkdb/kvm_mkdb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kvm_mkdb.c,v 1.20 2015/01/16 06:40:17 deraadt Exp $ */ +/* $OpenBSD: kvm_mkdb.c,v 1.21 2015/10/12 16:01:53 deraadt Exp $ */ /*- * Copyright (c) 1990, 1993 @@ -75,6 +75,9 @@ main(int argc, char *argv[]) warn("can't set rlimit data size"); } + if (pledge("stdio rpath wpath cpath getpw", NULL) == -1) + err(1, "pledge"); + strlcpy(dbdir, _PATH_VARDB, sizeof(dbdir)); while ((ch = getopt(argc, argv, "vo:")) != -1) switch (ch) { -- 2.20.1