author | mestre <mestre@openbsd.org> | 2015-12-30 12:27:18 +0000 |
---|---|---|
committer | mestre <mestre@openbsd.org> | 2015-12-30 12:27:18 +0000 |
commit | 0ef08ec470e484b7b6a1ae9585f16214069648fe (patch) | |
tree | 40004e1b8394b67b160bd338308aea2f4b8e0622 /usr.sbin/tokenadm | |
parent | now that ibuf_free() checks for null, we can remove the check here. (diff) | |
pledge(2) tokenadm(8): it needs "rpath wpath cpath fattr flock" for operations
on the DB files and before that it also needs "getpw" due to calling getgrnam(3)
to get the group (TOKEN_GROUP).
This was OK bluhm@ and also with a slight tweak suggested by him
Diffstat (limited to 'usr.sbin/tokenadm')
-rw-r--r-- | usr.sbin/tokenadm/tokenadm.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/usr.sbin/tokenadm/tokenadm.c b/usr.sbin/tokenadm/tokenadm.c
index 6bdde8f9bab..b9ce29e0758 100644
--- a/usr.sbin/tokenadm/tokenadm.c
+++ b/usr.sbin/tokenadm/tokenadm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tokenadm.c,v 1.10 2015/01/16 06:40:22 deraadt Exp $ */
+/* $OpenBSD: tokenadm.c,v 1.11 2015/12/30 12:27:18 mestre Exp $ */
 
 /*-
 * Copyright (c) 1995 Migration Associates Corp. All Rights Reserved
@@ -103,6 +103,9 @@ main(int argc, char **argv)
 if (setrlimit(RLIMIT_CORE, &cds) < 0)
 syslog(LOG_ERR, "couldn't set core dump size to 0: %m");
 
+ if (pledge("stdio rpath wpath cpath fattr flock getpw", NULL) == -1)
+ err(1, "pledge");
+
 while ((c = getopt(argc, argv, "BDERT1dem:r")) != -1)
 switch (c) {
 case 'B': |
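Review bot: The promise set added before the getopt() loop keeps "getpw" for the rest of main(), although the commit message says it is only needed for the getgrnam(3) lookup of TOKEN_GROUP that happens before the DB operations. That lookup is not visible in this hunk, so this is inferred, but if it completes before the database files are touched, a second call placed right after it, `if (pledge("stdio rpath wpath cpath fattr flock", NULL) == -1) err(1, "pledge");`, would drop password-database access for the remainder of the run. A short comment above the first call, such as `/* getpw: getgrnam(3) for TOKEN_GROUP; the file promises cover the token DB files */`, would also record why each promise is present so later edits do not widen the set unnoticed. main()'s body starts and continues outside the hunk.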