authorderaadt <deraadt@openbsd.org>2015-10-14 16:58:55 +0000
committerderaadt <deraadt@openbsd.org>2015-10-14 16:58:55 +0000
commitc0c611b7d51f68b61b6e3eea76f604bbb21048f3 (patch)
treefd00d15f4a2a4dd8825ba5d66836a9536128fa2f /sbin/fsck_msdos
parentCopy permissions AND ownership when -o will override an input file. (diff)
Since the fsck_* programs now only handle one filesystem, this creates
a point where open() and disklabel reading have completed. After that point, pledge "stdio". As a result, an fsck of a hostile partition (no one ever does that, or do they? :) is done by a program with SUBSTANTIALLY less system call exposure. ok semarie
Diffstat (limited to 'sbin/fsck_msdos')
-rw-r--r--sbin/fsck_msdos/check.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/sbin/fsck_msdos/check.c b/sbin/fsck_msdos/check.c
index 952e0901f1a..bfe9450f2b1 100644
--- a/sbin/fsck_msdos/check.c
+++ b/sbin/fsck_msdos/check.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: check.c,v 1.17 2015/01/16 06:39:58 deraadt Exp $ */
+/* $OpenBSD: check.c,v 1.18 2015/10/14 16:58:55 deraadt Exp $ */
/* $NetBSD: check.c,v 1.8 1997/10/17 11:19:29 ws Exp $ */
/*
@@ -38,6 +38,7 @@
#include <limits.h>
#include <fcntl.h>
#include <util.h>
+#include <err.h>
#include "ext.h"
@@ -77,6 +78,9 @@ checkfilesys(const char *fname)
if (ioctl(dosfs, DIOCGDINFO, (char *)&lab) < 0)
pfatal("can't read disk label for %s\n", fname);
+ if (pledge("stdio", NULL) == -1)
+ err(1, "pledge");
+
if (readboot(dosfs, &boot) != FSOK) {
(void)close(dosfs);
return (8);
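Review bot: The `pledge("stdio", NULL)` call added ahead of `readboot()` has no comment saying why it sits exactly here, and its position is load-bearing. The `DIOCGDINFO` ioctl just above it must already have completed, and any later code that opens a file or issues another device ioctl would violate the promise and abort the process. I would add a comment above it such as `/* open() and disklabel read are done; from here on only stdio on already-open descriptors is allowed */`. Separately, `err(1, "pledge")` exits with status 1 while the failure path visible just below returns 8, so it may be worth checking which status callers expect for a fatal setup error. `checkfilesys()` begins and continues outside this hunk, so the rest of the function should be confirmed to need nothing beyond stdio.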