From efe28ca993a16b8a17675f5808b6274507d44f3e Mon Sep 17 00:00:00 2001 From: deraadt Date: Mon, 12 Oct 2015 01:40:09 +0000 Subject: [PATCH] pledge() "stdio" includes trusting open&read of the root-owned timezone databases located at system paths (a reasonable bar had to be chosen; in the future we can replace the interfaces, since this effort is identifying them and placing their paths in a visble place), so this program only needs "stdio" ok doug --- usr.sbin/zdump/zdump.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/usr.sbin/zdump/zdump.c b/usr.sbin/zdump/zdump.c index 20261861858..f3f38be2428 100644 --- a/usr.sbin/zdump/zdump.c +++ b/usr.sbin/zdump/zdump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: zdump.c,v 1.10 2015/04/23 05:26:33 deraadt Exp $ */ +/* $OpenBSD: zdump.c,v 1.11 2015/10/12 01:40:09 deraadt Exp $ */ /* ** This file is in the public domain, so clarified as of ** 2009-05-17 by Arthur David Olson. @@ -121,6 +121,9 @@ main(int argc, char *argv[]) struct tm tm, newtm, *tmp, *newtmp; char **fakeenv; + if (pledge("stdio", NULL) == -1) + perror("pledge"); + while ((c = getopt(argc, argv, "c:v")) == 'c' || c == 'v') { switch (c) { case 'v': -- 2.20.1