From f61db8b983059244909bdfbd57c573947823089e Mon Sep 17 00:00:00 2001 From: deraadt Date: Mon, 24 Jul 2023 01:02:47 +0000 Subject: [PATCH] I added the 2nd argument (execpromises) to pledge(2), and then hunted for more than a year code which could use it; but in all non-trivial circumstances (programs which would benefit), I was stopped by issues (in particular by environment variable behaviours). But I never looked in ldd(1). This is the FIRST one which is completely obvious. pledge(NULL, "stdio rpath") ok guenther --- libexec/ld.so/ldd/ldd.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libexec/ld.so/ldd/ldd.c b/libexec/ld.so/ldd/ldd.c index 860f46318d2..9e8c5065cd8 100644 --- a/libexec/ld.so/ldd/ldd.c +++ b/libexec/ld.so/ldd/ldd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ldd.c,v 1.23 2023/07/13 19:04:50 jasper Exp $ */ +/* $OpenBSD: ldd.c,v 1.24 2023/07/24 01:02:47 deraadt Exp $ */ /* * Copyright (c) 2001 Artur Grabowski * All rights reserved. @@ -183,6 +183,8 @@ doit(char *name) _exit(0); } + if (pledge(NULL, "stdio rpath") == -1) + err(1, "pledge"); execl(name, name, (char *)NULL); perror(name); _exit(1); -- 2.20.1
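Review bot: In the second hunk (doit(), just before execl), the failure path is err(1, "pledge"), which leaves through exit(3), while the exits on either side of it in the same function use _exit(). For consistency with the execl failure path directly below, consider perror("pledge"); _exit(1); instead. A short comment above the call would also help: the first argument is NULL, so the promises of the running ldd process are left unchanged and "stdio rpath" is passed as execpromises, taking effect only for the image started by execl. A reader who does not know the second argument could otherwise take this for a pledge on ldd itself.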