4-step pledge in a program noone really uses anymore.

pledge "stdio inet dns proc exec" at startup.
In the logging codepath, "stdio dns proc exec" after getpeername()
drop to stdio proc exec(), before fork / execve
Parent moving data out of the pipe only needs "stdio"

1 files changed, 14 insertions, 1 deletions

diff --git a/libexec/fingerd/fingerd.c b/libexec/fingerd/fingerd.c
index 2ac0e34e1d0..e93effce434 100644
--- a/libexec/fingerd/fingerd.c
+++ b/libexec/fingerd/fingerd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: fingerd.c,v 1.38 2015/11/13 01:23:59 deraadt Exp $	*/
+/*	$OpenBSD: fingerd.c,v 1.39 2015/11/13 01:26:33 deraadt Exp $	*/
 
 /*
  * Copyright (c) 1983, 1993
@@ -68,6 +68,9 @@ main(int argc, char *argv[])
 	char **ap, *av[ENTRIES + 1], line[8192], *lp, *hname;
 	char hostbuf[HOST_NAME_MAX+1];
 
+	if (pledge("stdio inet dns proc exec", NULL) == -1)
+		err(1, "pledge");
+
 	prog = _PATH_FINGER;
 	logging = secure = user_required = short_list = 0;
 	openlog("fingerd", LOG_PID, LOG_DAEMON);
@@ -117,6 +120,10 @@ main(int argc, char *argv[])
 		if (getpeername(0, (struct sockaddr *)&ss, &sval) < 0)
 			err(1, "getpeername");
 		sa = (struct sockaddr *)&ss;
+
+		if (pledge("stdio dns proc exec", NULL) == -1)
+			err(1, "pledge");
+
 		if (getnameinfo(sa, sa->sa_len, hostbuf, sizeof(hostbuf),
 		    NULL, 0, 0) != 0) {
 			strlcpy(hostbuf, "?", sizeof(hostbuf));
@@ -124,6 +131,9 @@ main(int argc, char *argv[])
 		hname = hostbuf;
 	}
 
+	if (pledge("stdio proc exec", NULL) == -1)
+		err(1, "pledge");
+
 	if (fgets(line, sizeof(line), stdin) == NULL) {
 		if (logging)
 			syslog(LOG_NOTICE, "query from %s: %s", hname,
@@ -201,6 +211,9 @@ main(int argc, char *argv[])
 	case -1:
 		logerr("fork: %s", strerror(errno));
 	}
+	if (pledge("stdio", NULL) == -1)
+		err(1, "pledge");
+
 	(void) close(p[1]);
 	if (!(fp = fdopen(p[0], "r")))
 		logerr("fdopen: %s", strerror(errno));