diff options
| author |   deraadt <deraadt@openbsd.org> | 2015-10-23 03:44:59 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2015-10-23 03:44:59 +0000 |
| commit | 5d0cca7744cef05bdc6bf0a76149c923ca78b697 (patch) | |
| tree | e9492a38b67d80005215a748cd458b03e1b54af1 | |
| parent | With new pledge "ps" and "vminfo" requests, ps/top/w become possible. (diff) | |
| download | wireguard-openbsd-5d0cca7744cef05bdc6bf0a76149c923ca78b697.tar.xz wireguard-openbsd-5d0cca7744cef05bdc6bf0a76149c923ca78b697.zip | |
pledge "stdio rpath getpw proc exec id" at start, much like doas.
2 further pledges are possible, not as many as doas can do, because the
order of some su operations is a bit different. also it is trying
harder to please non-root nfs mounts?
| -rw-r--r-- | usr.bin/su/su.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c index 7d88768f62f..eb21b96dc60 100644 --- a/usr.bin/su/su.c +++ b/usr.bin/su/su.c @@ -1,4 +1,4 @@ -/* $OpenBSD: su.c,v 1.67 2015/04/15 02:12:00 deraadt Exp $ */ +/* $OpenBSD: su.c,v 1.68 2015/10/23 03:44:59 deraadt Exp $ */ /* * Copyright (c) 1988 The Regents of the University of California. @@ -73,6 +73,9 @@ main(int argc, char **argv) uid_t ruid; u_int flags; + if (pledge("stdio rpath getpw proc exec id", NULL) == -1) + err(1, "pledge"); + while ((ch = getopt(argc, argv, "a:c:fKLlms:-")) != -1) switch (ch) { case 'a': @@ -212,6 +215,9 @@ main(int argc, char **argv) fprintf(stderr, "Login incorrect\n"); } + if (pledge("stdio rpath exec id", NULL) == -1) + err(1, "pledge"); + if (!altshell) { if (asme) { /* if asme and non-std target shell, must be root */ @@ -323,6 +329,10 @@ main(int argc, char **argv) } if (setusercontext(lc, pwd, pwd->pw_uid, flags) != 0) auth_err(as, 1, "unable to set user context"); + + if (pledge("stdio rpath exec", NULL) == -1) + err(1, "pledge"); + if (pwd->pw_uid && auth_approval(as, lc, pwd->pw_name, "su") <= 0) auth_err(as, 1, "approval failure"); auth_close(as); |