pledge "stdio rpath wpath getpw inet tty" at startup. After opening

the socket and entering the main loop, pledge "stdio tty".

For my next trick, I will be adding chacha20-poly1305 support.

2 files changed, 13 insertions, 2 deletions

diff --git a/usr.bin/telnet/main.c b/usr.bin/telnet/main.c
index eac5c34331f..2e5eb2c7912 100644
--- a/usr.bin/telnet/main.c
+++ b/usr.bin/telnet/main.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: main.c,v 1.32 2015/11/13 17:04:48 deraadt Exp $	*/
+/*	$OpenBSD: main.c,v 1.33 2015/11/13 17:13:59 deraadt Exp $	*/
 /*	$NetBSD: main.c,v 1.5 1996/02/28 21:04:05 thorpej Exp $	*/
 
 /*
@@ -80,6 +80,11 @@ main(int argc, char *argv[])
 	char *user, *alias;
 	const char *errstr;
 
+	if (pledge("stdio rpath wpath getpw inet tty", NULL) == -1) {
+		perror("pledge");
+		exit(1);
+	}
+
 	tninit();		/* Clear out things */
 
 	TerminalSaveState();
diff --git a/usr.bin/telnet/telnet.c b/usr.bin/telnet/telnet.c
index acf914d92c4..444ff1f0bd6 100644
--- a/usr.bin/telnet/telnet.c
+++ b/usr.bin/telnet/telnet.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: telnet.c,v 1.31 2015/11/13 17:01:12 deraadt Exp $	*/
+/*	$OpenBSD: telnet.c,v 1.32 2015/11/13 17:13:59 deraadt Exp $	*/
 /*	$NetBSD: telnet.c,v 1.7 1996/02/28 21:04:15 thorpej Exp $	*/
 
 /*
@@ -36,6 +36,7 @@
 #include <ctype.h>
 #include <curses.h>
 #include <stdlib.h>
+#include <unistd.h>
 #include <string.h>
 #include <term.h>
 
@@ -1838,6 +1839,11 @@ telnet(char *user)
 {
     sys_telnet_init();
 
+    if (pledge("stdio tty", NULL) == -1) {
+	perror("pledge");
+	exit(1);
+    }
+
     if (telnetport) {
 	send_do(TELOPT_SGA, 1);
 	send_will(TELOPT_TTYPE, 1);