diff options
| author |   deraadt <deraadt@openbsd.org> | 2015-10-07 05:21:41 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2015-10-07 05:21:41 +0000 |
| commit | 2d32f956391cdea65f5c95f5446cb8b471520e8a (patch) | |
| tree | b80542f34803653225831b92640a8ed304c30d54 | |
| parent | move from tame "ioctl" to tame "tty", which provides a better fit for (diff) | |
| download | wireguard-openbsd-2d32f956391cdea65f5c95f5446cb8b471520e8a.tar.xz wireguard-openbsd-2d32f956391cdea65f5c95f5446cb8b471520e8a.zip | |
tame "stdio inet rpath cpath wpath proc" seems to be sufficient for
all the wading in here. "proc" is for the speed command, which fork()'s.
ok doug
| -rw-r--r-- | usr.bin/openssl/openssl.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/usr.bin/openssl/openssl.c b/usr.bin/openssl/openssl.c index 08132e8f96e..21a5aa60184 100644 --- a/usr.bin/openssl/openssl.c +++ b/usr.bin/openssl/openssl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: openssl.c,v 1.13 2015/09/21 13:13:06 bcook Exp $ */ +/* $OpenBSD: openssl.c,v 1.14 2015/10/07 05:21:41 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -114,6 +114,7 @@ #include <stdio.h> #include <string.h> #include <stdlib.h> +#include <unistd.h> #include "apps.h" @@ -435,6 +436,11 @@ main(int argc, char **argv) arg.data = NULL; arg.count = 0; + if (tame("stdio inet rpath cpath wpath proc", NULL) == -1) { + fprintf(stderr, "openssl: tame: %s\n", strerror(errno)); + exit(1); + } + bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); if (bio_err == NULL) { fprintf(stderr, "openssl: failed to initialise bio_err\n"); |