diff options
| author |   deraadt <deraadt@openbsd.org> | 2015-11-16 18:35:31 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2015-11-16 18:35:31 +0000 |
| commit | 8aa0c8fbc0befba1ef2fb9f8d715fe89333de4f2 (patch) | |
| tree | 2e6ce7a650b1f984a4a65674acdad36b322e973b | |
| parent | Permit revoke(2) for a pledge "rpath tty" (diff) | |
| download | wireguard-openbsd-8aa0c8fbc0befba1ef2fb9f8d715fe89333de4f2.tar.xz wireguard-openbsd-8aa0c8fbc0befba1ef2fb9f8d715fe89333de4f2.zip | |
initially, pledge "stdio rpath wpath cpath getpw tty id proc exec", yes
it sounds like a lot, but this will eventually run the /etc/rc scripts
to shutdown, then run reboot or halt. After looking at getpw*, drop
pledge "getpw". Later drop to just "stdio exec"...
This depends on new pledge semantics for revoke(2).
with help from jca
ok guenther millert semarie tedu jca
| -rw-r--r-- | sbin/shutdown/shutdown.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/sbin/shutdown/shutdown.c b/sbin/shutdown/shutdown.c index c06fc409a80..f85f10318f8 100644 --- a/sbin/shutdown/shutdown.c +++ b/sbin/shutdown/shutdown.c @@ -1,4 +1,4 @@ -/* $OpenBSD: shutdown.c,v 1.43 2015/04/23 02:13:18 deraadt Exp $ */ +/* $OpenBSD: shutdown.c,v 1.44 2015/11/16 18:35:31 deraadt Exp $ */ /* $NetBSD: shutdown.c,v 1.9 1995/03/18 15:01:09 cgd Exp $ */ /* @@ -108,6 +108,9 @@ main(int argc, char *argv[]) char *p, *endp; pid_t forkpid; + if (pledge("stdio rpath wpath cpath getpw tty id proc exec", NULL) == -1) + err(1, "pledge"); + #ifndef DEBUG if (geteuid()) errx(1, "NOT super-user"); @@ -343,6 +346,10 @@ die_you_gravy_sucking_pig_dog(void) } if (dofast) doitfast(); + + if (pledge("stdio rpath wpath cpath tty id proc exec", NULL) == -1) + err(1, "pledge"); + #ifdef DEBUG if (doreboot) (void)printf("reboot"); @@ -362,6 +369,9 @@ die_you_gravy_sucking_pig_dog(void) char *args[10]; char **arg, *path; + if (pledge("stdio exec", NULL) == -1) + err(1, "pledge"); + arg = &args[0]; if (doreboot) { path = _PATH_REBOOT; |