From e8dc0357218dcf72f3bb6c2af3edf8a339dd44ae Mon Sep 17 00:00:00 2001 From: naddy Date: Sat, 17 Oct 2015 21:34:07 +0000 Subject: [PATCH] Tighten pledge: We only write to stdio and never to any files if in cat mode (-c, zcat), or in test mode (-t), or if there are no file arguments and there is no -o outfile. Due to fts(3) we require rpath even for compress out. "seems sound" deraadt@ --- usr.bin/compress/main.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/usr.bin/compress/main.c b/usr.bin/compress/main.c index 1793da7132d..c359ba0e059 100644 --- a/usr.bin/compress/main.c +++ b/usr.bin/compress/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.89 2015/10/09 01:37:07 deraadt Exp $ */ +/* $OpenBSD: main.c,v 1.90 2015/10/17 21:34:07 naddy Exp $ */ /* * Copyright (c) 1992, 1993 @@ -332,6 +332,10 @@ main(int argc, char *argv[]) argc -= optind; argv += optind; + if (cflag || testmode || (!oflag && argc == 0)) + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); + if (argc == 0) { argv = calloc(2, sizeof(char *)); if (argv == NULL) -- 2.20.1
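Review bot: The added `pledge("stdio rpath", NULL)` call in the second hunk has no comment, so the reasoning behind the condition and behind keeping `rpath` exists only in the commit message. A one-line comment above the `if` would keep it with the code, for example `/* -c, -t, or stdin without -o: we only write to stdout; rpath is still needed for fts(3) */`. The hunk does not show how `-c` combined with `-o outfile` is handled later in main(). If that combination can still open the outfile for writing, the reduced promise set would make pledge kill the process, so it is worth confirming against the rest of the function. The brace-less nested `if` is also easy to misread if an `else` is ever added; bracing the outer `if` avoids that.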