diff options
| author |   deraadt <deraadt@openbsd.org> | 2015-10-16 07:01:53 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2015-10-16 07:01:53 +0000 |
| commit | 758d4455ed859072fee0597078a69b96e7f922a5 (patch) | |
| tree | 548c5c973b627f85ce2dda2bce8cd184fbbbd4e0 | |
| parent | FIOSETOWN/FIOGETOWN were added to "ioctl", but study finds no programs (diff) | |
| download | wireguard-openbsd-758d4455ed859072fee0597078a69b96e7f922a5.tar.xz wireguard-openbsd-758d4455ed859072fee0597078a69b96e7f922a5.zip | |
doug and I think the kernel has enough features to support
pledge "stdio rpath wpath cpath getpw proc exec tty" now.
It will be hard to drop many of those features unless cu becomes
privsep for the "upload" commands.
| -rw-r--r-- | usr.bin/cu/cu.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/usr.bin/cu/cu.c b/usr.bin/cu/cu.c index 8bb812a169a..efa2f4f05d7 100644 --- a/usr.bin/cu/cu.c +++ b/usr.bin/cu/cu.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cu.c,v 1.23 2015/10/05 23:15:31 nicm Exp $ */ +/* $OpenBSD: cu.c,v 1.24 2015/10/16 07:01:53 deraadt Exp $ */ /* * Copyright (c) 2012 Nicholas Marriott <nicm@openbsd.org> @@ -79,6 +79,10 @@ main(int argc, char **argv) char *tmp, *s, *host; int opt, i, flags; + if (pledge("stdio rpath wpath cpath getpw proc exec tty", + NULL) == -1) + err(1, "pledge"); + if (isatty(STDIN_FILENO) && tcgetattr(STDIN_FILENO, &saved_tio) != 0) err(1, "tcgetattr"); |