From f3eda427c674c9e34d70bbfd1b7ee86f93275be0 Mon Sep 17 00:00:00 2001
From: deraadt
Date: Tue, 13 Oct 2015 15:55:44 +0000
Subject: [PATCH] semarie points out i am already forgetting the rules are very tight around *chown, even "proc fattr" won't let you do such a job. remove early pledge(), only leave call after fchown, before when symbol table work gets done.
---
 usr.sbin/kvm_mkdb/kvm_mkdb.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/usr.sbin/kvm_mkdb/kvm_mkdb.c b/usr.sbin/kvm_mkdb/kvm_mkdb.c
index 6fc60649ff1..eff6a7b44ab 100644
--- a/usr.sbin/kvm_mkdb/kvm_mkdb.c
+++ b/usr.sbin/kvm_mkdb/kvm_mkdb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kvm_mkdb.c,v 1.22 2015/10/13 15:43:19 deraadt Exp $ */
+/* $OpenBSD: kvm_mkdb.c,v 1.23 2015/10/13 15:55:44 deraadt Exp $ */
 /*-
 * Copyright (c) 1990, 1993
@@ -75,10 +75,6 @@ main(int argc, char *argv[])
 warn("can't set rlimit data size");
 }
- /* getpwnam() and fchown() later */
- if (pledge("stdio rpath wpath cpath getpw fattr proc", NULL) == -1)
- err(1, "pledge");
-
 strlcpy(dbdir, _PATH_VARDB, sizeof(dbdir));
 while ((ch = getopt(argc, argv, "vo:")) != -1)
 switch (ch) {
@@ -174,7 +170,7 @@ kvm_mkdb(int fd, const char *dbdir, char *nlistpath, char *nlistname,
 }
 /* rename() later */
- if (pledge("stdio cpath", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath", NULL) == -1)
 err(1, "pledge");
 if (create_knlist(nlistpath, fd, db) != 0) {
-- 
2.20.1
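Review bot: The comment `/* rename() later */` above the remaining pledge() call in kvm_mkdb() only accounts for `cpath`, while the new promise string also grants `rpath` and `wpath` with no stated reason. Per the commit message this is now the only pledge left in the program, and it is taken just before create_knlist() works on the symbol table, so each extra promise widens what that code may do to the filesystem. If a call after this point really opens files for reading or writing, name it in the comment, e.g. `/* rename() later; rpath wpath for <call that needs them> */`; otherwise keep the set at `"stdio cpath"`. The body of kvm_mkdb() starts and ends outside the hunk, so which later calls need these promises cannot be confirmed from here.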