this cpp operates file using pledge "stdio rpath wpath cpath"

author: deraadt <deraadt@openbsd.org> 2015-10-09 12:20:18 +0000
committer: deraadt <deraadt@openbsd.org> 2015-10-09 12:20:18 +0000
commit: 16b2abb210c365c28b3b35b8f1ee796a55682dad (patch)
tree: 4b538da81c50a4d57055833a140e6f907f2b5edf /libexec/tradcpp
parent: Tame syslogd privsep child with "stdio rpath unix inet recvfd". (diff)
download: wireguard-openbsd-16b2abb210c365c28b3b35b8f1ee796a55682dad.tar.xz
wireguard-openbsd-16b2abb210c365c28b3b35b8f1ee796a55682dad.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/libexec/tradcpp/main.c b/libexec/tradcpp/main.c
index eae7f44632d..267c279be5e 100644
--- a/libexec/tradcpp/main.c
+++ b/libexec/tradcpp/main.c
@@ -31,6 +31,7 @@
 #include <stdio.h>
 #include <stdarg.h>
 #include <stdlib.h>
+#include <unistd.h>
 #include <string.h>
 #include <errno.h>
 
@@ -1037,6 +1038,11 @@ main(int argc, char *argv[])
 	progname = progname == NULL ? argv[0] : progname + 1;
 	complain_init(progname);
 
+	if (pledge("stdio rpath wpath cpath", NULL) == -1) {
+		fprintf(stderr, "%s: pledge: %s", progname, strerror(errno));
+		exit(1);
+	}
+
 	init();
 
 	for (i=1; i<argc; i++) {
author	deraadt <deraadt@openbsd.org>	2015-10-09 12:20:18 +0000
committer	deraadt <deraadt@openbsd.org>	2015-10-09 12:20:18 +0000
commit	16b2abb210c365c28b3b35b8f1ee796a55682dad (patch)
tree	4b538da81c50a4d57055833a140e6f907f2b5edf /libexec/tradcpp
parent	Tame syslogd privsep child with "stdio rpath unix inet recvfd". (diff)
download	wireguard-openbsd-16b2abb210c365c28b3b35b8f1ee796a55682dad.tar.xz wireguard-openbsd-16b2abb210c365c28b3b35b8f1ee796a55682dad.zip