Drop pledge proc exec getpw after authenticating.

author: millert <millert@openbsd.org> 2015-11-29 14:51:35 +0000
committer: millert <millert@openbsd.org> 2015-11-29 14:51:35 +0000
commit: 0df36d49693ea2f079144b049c509c5b236482ba (patch)
tree: dc61f122e8bab74566c05eeb61d6c3b08daffdd8 /usr.bin/skeyinit
parent: Remove useless getpwnam() call after getpwuid(). Noticed by deraadt@ (diff)
download: wireguard-openbsd-0df36d49693ea2f079144b049c509c5b236482ba.tar.xz
wireguard-openbsd-0df36d49693ea2f079144b049c509c5b236482ba.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/usr.bin/skeyinit/skeyinit.c b/usr.bin/skeyinit/skeyinit.c
index d552f620721..c63bb5fd65f 100644
--- a/usr.bin/skeyinit/skeyinit.c
+++ b/usr.bin/skeyinit/skeyinit.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: skeyinit.c,v 1.66 2015/11/29 14:44:20 millert Exp $	*/
+/*	$OpenBSD: skeyinit.c,v 1.67 2015/11/29 14:51:35 millert Exp $	*/
 
 /* OpenBSD S/Key (skeyinit.c)
  *
@@ -55,7 +55,7 @@ main(int argc, char **argv)
 	struct skey skey;
 	struct passwd *pp;
 
-	if (pledge("stdio rpath wpath cpath fattr flock tty proc exec", NULL) == -1)
+	if (pledge("stdio rpath wpath cpath fattr flock tty proc exec getpw", NULL) == -1)
 		err(1, "pledge");
 
 	n = rmkey = hexmode = enable = 0;
@@ -185,6 +185,9 @@ main(int argc, char **argv)
 			errx(1, "Password incorrect");
 	}
 
+	if (pledge("stdio rpath wpath cpath fattr flock tty", NULL) == -1)
+		err(1, "pledge");
+
 	/*
 	 * Lookup and lock the record we are about to modify.
 	 * If this is a new entry this will prevent other users
author	millert <millert@openbsd.org>	2015-11-29 14:51:35 +0000
committer	millert <millert@openbsd.org>	2015-11-29 14:51:35 +0000
commit	0df36d49693ea2f079144b049c509c5b236482ba (patch)
tree	dc61f122e8bab74566c05eeb61d6c3b08daffdd8 /usr.bin/skeyinit
parent	Remove useless getpwnam() call after getpwuid(). Noticed by deraadt@ (diff)
download	wireguard-openbsd-0df36d49693ea2f079144b049c509c5b236482ba.tar.xz wireguard-openbsd-0df36d49693ea2f079144b049c509c5b236482ba.zip