From f4b29b6406c67989fc035e5b0be322229fcf930f Mon Sep 17 00:00:00 2001 From: bmercer Date: Thu, 22 Oct 2015 23:56:30 +0000 Subject: [PATCH] Add pledge support to login_yubikey. Much feedback and OK millert@ --- libexec/login_yubikey/login_yubikey.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/libexec/login_yubikey/login_yubikey.c b/libexec/login_yubikey/login_yubikey.c index f6deb08ef67..d5ac8edebe4 100644 --- a/libexec/login_yubikey/login_yubikey.c +++ b/libexec/login_yubikey/login_yubikey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: login_yubikey.c,v 1.12 2015/10/05 16:09:56 deraadt Exp $ */ +/* $OpenBSD: login_yubikey.c,v 1.13 2015/10/22 23:56:30 bmercer Exp $ */ /* * Copyright (c) 2010 Daniel Hartmeier @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include @@ -68,6 +69,12 @@ main(int argc, char *argv[]) char response[1024]; setpriority(PRIO_PROCESS, 0, 0); + + if (pledge("stdio tty wpath rpath cpath", NULL) == -1) { + syslog(LOG_AUTH|LOG_ERR, "pledge: %m"); + exit(EXIT_FAILURE); + } + openlog(NULL, LOG_ODELAY, LOG_AUTH); while ((ch = getopt(argc, argv, "dv:s:")) != -1) { -- 2.20.1