From 0bd1216cbfac4316d823b5f086842b66ddea2018 Mon Sep 17 00:00:00 2001 From: deraadt Date: Fri, 9 Oct 2015 01:37:06 +0000 Subject: Change all tame callers to namechange to pledge(2). --- bin/cat/cat.c | 6 ++-- bin/chmod/chmod.c | 6 ++-- bin/cp/cp.c | 6 ++-- bin/date/date.c | 6 ++-- bin/dd/dd.c | 6 ++-- bin/df/df.c | 6 ++-- bin/echo/echo.c | 6 ++-- bin/ed/main.c | 6 ++-- bin/expr/expr.c | 6 ++-- bin/ls/ls.c | 6 ++-- bin/md5/md5.c | 10 +++--- bin/mkdir/mkdir.c | 6 ++-- bin/ps/print.c | 6 ++-- bin/ps/ps.1 | 12 +++---- bin/pwd/pwd.c | 6 ++-- bin/rm/rm.c | 10 +++--- bin/rmdir/rmdir.c | 6 ++-- bin/sleep/sleep.c | 6 ++-- bin/test/test.c | 6 ++-- sbin/dmesg/dmesg.c | 10 +++--- sbin/ping/ping.c | 10 +++--- sbin/ping6/ping6.c | 10 +++--- usr.bin/banner/banner.c | 6 ++-- usr.bin/basename/basename.c | 6 ++-- usr.bin/cal/cal.c | 6 ++-- usr.bin/col/col.c | 6 ++-- usr.bin/colrm/colrm.c | 6 ++-- usr.bin/column/column.c | 10 +++--- usr.bin/comm/comm.c | 6 ++-- usr.bin/compress/main.c | 6 ++-- usr.bin/csplit/csplit.c | 10 +++--- usr.bin/ctags/ctags.c | 6 ++-- usr.bin/cut/cut.c | 10 +++--- usr.bin/dc/dc.c | 14 ++++---- usr.bin/deroff/deroff.c | 6 ++-- usr.bin/diff/diff.c | 10 +++--- usr.bin/diff3/diff3prog.c | 6 ++-- usr.bin/dirname/dirname.c | 6 ++-- usr.bin/expand/expand.c | 6 ++-- usr.bin/fgen/fgen.l | 6 ++-- usr.bin/file/file.c | 12 +++---- usr.bin/find/find.c | 6 ++-- usr.bin/finger/finger.c | 14 ++++---- usr.bin/fmt/fmt.c | 10 +++--- usr.bin/fold/fold.c | 10 +++--- usr.bin/from/from.c | 10 +++--- usr.bin/getopt/getopt.c | 6 ++-- usr.bin/grep/grep.c | 6 ++-- usr.bin/head/head.c | 10 +++--- usr.bin/hexdump/hexdump.c | 6 ++-- usr.bin/htpasswd/htpasswd.c | 6 ++-- usr.bin/id/id.c | 6 ++-- usr.bin/indent/indent.c | 6 ++-- usr.bin/join/join.c | 10 +++--- usr.bin/jot/jot.c | 6 ++-- usr.bin/kdump/kdump.c | 10 +++--- usr.bin/kdump/ktrstruct.c | 14 ++++---- usr.bin/lam/lam.c | 6 ++-- usr.bin/lastcomm/lastcomm.c | 6 ++-- usr.bin/leave/leave.c | 6 ++-- usr.bin/lock/lock.c | 6 ++-- usr.bin/logger/logger.c | 6 ++-- usr.bin/logname/logname.c | 6 ++-- usr.bin/look/look.c | 6 ++-- usr.bin/make/main.c | 6 ++-- usr.bin/mktemp/mktemp.c | 6 ++-- usr.bin/nl/nl.c | 6 ++-- usr.bin/nm/nm.c | 6 ++-- usr.bin/openssl/openssl.c | 6 ++-- usr.bin/paste/paste.c | 6 ++-- usr.bin/patch/patch.c | 6 ++-- usr.bin/pr/pr.c | 6 ++-- usr.bin/printenv/printenv.c | 6 ++-- usr.bin/printf/printf.c | 6 ++-- usr.bin/readlink/readlink.c | 6 ++-- usr.bin/rev/rev.c | 6 ++-- usr.bin/rs/rs.c | 6 ++-- usr.bin/script/script.c | 10 +++--- usr.bin/sed/main.c | 10 +++--- usr.bin/signify/signify.c | 22 ++++++------- usr.bin/split/split.c | 6 ++-- usr.bin/ssh/sandbox-pledge.c | 71 ++++++++++++++++++++++++++++++++++++++++ usr.bin/ssh/sandbox-tame.c | 71 ---------------------------------------- usr.bin/ssh/sshd/Makefile | 4 +-- usr.bin/stat/stat.c | 6 ++-- usr.bin/tail/tail.c | 10 +++--- usr.bin/tee/tee.c | 10 +++--- usr.bin/tftp/main.c | 6 ++-- usr.bin/touch/touch.c | 6 ++-- usr.bin/tr/tr.c | 6 ++-- usr.bin/tty/tty.c | 6 ++-- usr.bin/uname/uname.c | 6 ++-- usr.bin/unifdef/unifdef.c | 4 +-- usr.bin/uniq/uniq.c | 10 +++--- usr.bin/units/units.c | 10 +++--- usr.bin/unvis/unvis.c | 10 +++--- usr.bin/users/users.c | 6 ++-- usr.bin/uudecode/uudecode.c | 10 +++--- usr.bin/uuencode/uuencode.c | 10 +++--- usr.bin/vis/vis.c | 10 +++--- usr.bin/wc/wc.c | 6 ++-- usr.bin/what/what.c | 6 ++-- usr.bin/who/who.c | 14 ++++---- usr.bin/whois/whois.c | 6 ++-- usr.bin/write/write.c | 6 ++-- usr.sbin/acpidump/acpidump.c | 6 ++-- usr.sbin/arp/arp.c | 10 +++--- usr.sbin/bgpd/rde.c | 6 ++-- usr.sbin/bgpd/session.c | 6 ++-- usr.sbin/ntpd/ntp_dns.c | 6 ++-- usr.sbin/ntpd/ntpd.c | 6 ++-- usr.sbin/portmap/portmap.c | 10 +++--- usr.sbin/tcpdump/privsep.c | 6 ++-- usr.sbin/tcpdump/tcpdump.c | 6 ++-- usr.sbin/traceroute/traceroute.c | 10 +++--- 115 files changed, 494 insertions(+), 494 deletions(-) create mode 100644 usr.bin/ssh/sandbox-pledge.c delete mode 100644 usr.bin/ssh/sandbox-tame.c diff --git a/bin/cat/cat.c b/bin/cat/cat.c index a28046bae6c..5acecbef5ed 100644 --- a/bin/cat/cat.c +++ b/bin/cat/cat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cat.c,v 1.22 2015/10/03 18:56:20 deraadt Exp $ */ +/* $OpenBSD: cat.c,v 1.23 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: cat.c,v 1.11 1995/09/07 06:12:54 jtc Exp $ */ /* @@ -66,8 +66,8 @@ main(int argc, char *argv[]) setlocale(LC_ALL, ""); - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); while ((ch = getopt(argc, argv, "benstuv")) != -1) switch (ch) { diff --git a/bin/chmod/chmod.c b/bin/chmod/chmod.c index ff497a622a6..16caf36f050 100644 --- a/bin/chmod/chmod.c +++ b/bin/chmod/chmod.c @@ -1,4 +1,4 @@ -/* $OpenBSD: chmod.c,v 1.37 2015/10/03 15:00:13 deraadt Exp $ */ +/* $OpenBSD: chmod.c,v 1.38 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: chmod.c,v 1.12 1995/03/21 09:02:09 cgd Exp $ */ /* @@ -153,8 +153,8 @@ done: atflags = 0; if (ischflags) { - if (tame("stdio rpath fattr", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath fattr", NULL) == -1) + err(1, "pledge"); flags = *argv; if (*flags >= '0' && *flags <= '7') { diff --git a/bin/cp/cp.c b/bin/cp/cp.c index e62dbb3b9e1..4f3228df35c 100644 --- a/bin/cp/cp.c +++ b/bin/cp/cp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cp.c,v 1.41 2015/10/08 04:39:24 deraadt Exp $ */ +/* $OpenBSD: cp.c,v 1.42 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: cp.c,v 1.14 1995/09/07 06:14:51 jtc Exp $ */ /* @@ -134,8 +134,8 @@ main(int argc, char *argv[]) * -p will use fchown, fchmod, lchown, fchflags.. */ if (Rflag == 0 && pflag == 0) - if (tame("stdio rpath wpath cpath fattr", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath wpath cpath fattr", NULL) == -1) + err(1, "pledge"); if (argc < 2) usage(); diff --git a/bin/date/date.c b/bin/date/date.c index fb19a99ba38..96fc97e2509 100644 --- a/bin/date/date.c +++ b/bin/date/date.c @@ -1,4 +1,4 @@ -/* $OpenBSD: date.c,v 1.48 2015/10/07 05:59:36 deraadt Exp $ */ +/* $OpenBSD: date.c,v 1.49 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: date.c,v 1.11 1995/09/07 06:21:05 jtc Exp $ */ /* @@ -127,8 +127,8 @@ main(int argc, char *argv[]) argc--; } - if (tame("stdio rpath wpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath wpath", NULL) == -1) + err(1, "pledge"); if (*argv && **argv == '+') { format = *argv + 1; diff --git a/bin/dd/dd.c b/bin/dd/dd.c index 586b47b6548..2cbfe8679b2 100644 --- a/bin/dd/dd.c +++ b/bin/dd/dd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dd.c,v 1.22 2015/10/04 15:01:47 deraadt Exp $ */ +/* $OpenBSD: dd.c,v 1.23 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: dd.c,v 1.6 1996/02/20 19:29:06 jtc Exp $ */ /*- @@ -149,8 +149,8 @@ setup(void) if (out.offset) pos_out(); - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); /* * Truncate the output file; ignore errors because it fails on some diff --git a/bin/df/df.c b/bin/df/df.c index 07d549736e2..c42aad620bb 100644 --- a/bin/df/df.c +++ b/bin/df/df.c @@ -1,4 +1,4 @@ -/* $OpenBSD: df.c,v 1.53 2015/10/04 15:54:15 deraadt Exp $ */ +/* $OpenBSD: df.c,v 1.54 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: df.c,v 1.21.2.1 1995/11/01 00:06:11 jtc Exp $ */ /* @@ -79,8 +79,8 @@ main(int argc, char *argv[]) int width, maxwidth; char *mntpt; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); while ((ch = getopt(argc, argv, "hiklnPt:")) != -1) switch (ch) { diff --git a/bin/echo/echo.c b/bin/echo/echo.c index 76dac647782..7a5d38cdc30 100644 --- a/bin/echo/echo.c +++ b/bin/echo/echo.c @@ -1,4 +1,4 @@ -/* $OpenBSD: echo.c,v 1.9 2015/10/03 14:51:39 deraadt Exp $ */ +/* $OpenBSD: echo.c,v 1.10 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: echo.c,v 1.6 1995/03/21 09:04:27 cgd Exp $ */ /* @@ -41,8 +41,8 @@ main(int argc, char *argv[]) { int nflag; - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); /* This utility may NOT do getopt(3) option parsing. */ if (*++argv && !strcmp(*argv, "-n")) { diff --git a/bin/ed/main.c b/bin/ed/main.c index ce29ed14c77..eb216fa5cab 100644 --- a/bin/ed/main.c +++ b/bin/ed/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.49 2015/10/07 05:37:42 deraadt Exp $ */ +/* $OpenBSD: main.c,v 1.50 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: main.c,v 1.3 1995/03/21 09:04:44 cgd Exp $ */ /* main.c: This file contains the main control and user-interface routines @@ -103,8 +103,8 @@ main(volatile int argc, char ** volatile argv) int c, n; int status = 0; - if (tame("stdio rpath wpath cpath proc exec tty", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath wpath cpath proc exec tty", NULL) == -1) + err(1, "pledge"); home = getenv("HOME"); diff --git a/bin/expr/expr.c b/bin/expr/expr.c index 7558a0f841b..d65b239ad66 100644 --- a/bin/expr/expr.c +++ b/bin/expr/expr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: expr.c,v 1.21 2015/10/04 16:01:07 deraadt Exp $ */ +/* $OpenBSD: expr.c,v 1.22 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: expr.c,v 1.3.6.1 1996/06/04 20:41:47 cgd Exp $ */ /* @@ -501,8 +501,8 @@ main(int argc, char *argv[]) (void) setlocale(LC_ALL, ""); - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); if (argc > 1 && !strcmp(argv[1], "--")) argv++; diff --git a/bin/ls/ls.c b/bin/ls/ls.c index 112edce9c6f..da93dd91e10 100644 --- a/bin/ls/ls.c +++ b/bin/ls/ls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ls.c,v 1.42 2015/10/04 16:00:43 deraadt Exp $ */ +/* $OpenBSD: ls.c,v 1.43 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: ls.c,v 1.18 1996/07/09 09:16:29 mycroft Exp $ */ /* @@ -123,8 +123,8 @@ ls_main(int argc, char *argv[]) termwidth = width; } - if (tame("stdio rpath getpw", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath getpw", NULL) == -1) + err(1, "pledge"); /* Root is -A automatically. */ if (!getuid()) diff --git a/bin/md5/md5.c b/bin/md5/md5.c index e22c352f62d..b9b6838eb5e 100644 --- a/bin/md5/md5.c +++ b/bin/md5/md5.c @@ -1,4 +1,4 @@ -/* $OpenBSD: md5.c,v 1.81 2015/10/04 04:56:50 deraadt Exp $ */ +/* $OpenBSD: md5.c,v 1.82 2015/10/09 01:37:06 deraadt Exp $ */ /* * Copyright (c) 2001,2003,2005-2007,2010,2013,2014 @@ -200,8 +200,8 @@ main(int argc, char **argv) int fl, error, base64, i; int bflag, cflag, pflag, rflag, tflag, xflag; - if (tame("stdio cpath rpath wpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio cpath rpath wpath", NULL) == -1) + err(1, "pledge"); TAILQ_INIT(&hl); input_string = NULL; @@ -314,8 +314,8 @@ main(int argc, char **argv) if (ofile == NULL) ofile = stdout; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); /* Most arguments are mutually exclusive */ fl = pflag + (tflag ? 1 : 0) + xflag + cflag + (input_string != NULL); diff --git a/bin/mkdir/mkdir.c b/bin/mkdir/mkdir.c index 4529af389f7..a9a78632188 100644 --- a/bin/mkdir/mkdir.c +++ b/bin/mkdir/mkdir.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mkdir.c,v 1.26 2015/10/07 14:17:18 deraadt Exp $ */ +/* $OpenBSD: mkdir.c,v 1.27 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: mkdir.c,v 1.14 1995/06/25 21:59:21 mycroft Exp $ */ /* @@ -83,8 +83,8 @@ main(int argc, char *argv[]) argv += optind; if (mode & (S_ISUID | S_ISGID | S_ISTXT) == 0) { - if (tame("stdio cpath rpath fattr", NULL) == -1) - err(1, "tame"); + if (pledge("stdio cpath rpath fattr", NULL) == -1) + err(1, "pledge"); } if (*argv == NULL) diff --git a/bin/ps/print.c b/bin/ps/print.c index fb4faeb2f4e..d42614e9fae 100644 --- a/bin/ps/print.c +++ b/bin/ps/print.c @@ -1,4 +1,4 @@ -/* $OpenBSD: print.c,v 1.62 2015/07/19 19:26:00 deraadt Exp $ */ +/* $OpenBSD: print.c,v 1.63 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: print.c,v 1.27 1995/09/29 21:58:12 cgd Exp $ */ /*- @@ -269,8 +269,8 @@ state(const struct kinfo_proc *kp, VARENT *ve) *cp++ = 's'; if ((kp->p_psflags & PS_CONTROLT) && kp->p__pgid == kp->p_tpgid) *cp++ = '+'; - if (kp->p_psflags & PS_TAMED) - *cp++ = 't'; + if (kp->p_psflags & PS_PLEDGE) + *cp++ = 'p'; *cp = '\0'; if (state == 'R' && kp->p_cpuid != KI_NOCPU) { diff --git a/bin/ps/ps.1 b/bin/ps/ps.1 index 3ce7d6d5637..2085ae92cc0 100644 --- a/bin/ps/ps.1 +++ b/bin/ps/ps.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ps.1,v 1.100 2015/07/19 19:26:00 deraadt Exp $ +.\" $OpenBSD: ps.1,v 1.101 2015/10/09 01:37:06 deraadt Exp $ .\" $NetBSD: ps.1,v 1.16 1996/03/21 01:36:28 jtc Exp $ .\" .\" Copyright (c) 1980, 1990, 1991, 1993, 1994 @@ -30,7 +30,7 @@ .\" .\" @(#)ps.1 8.3 (Berkeley) 4/18/94 .\" -.Dd $Mdocdate: July 19 2015 $ +.Dd $Mdocdate: October 9 2015 $ .Dt PS 1 .Os .Sh NAME @@ -341,7 +341,7 @@ PS_SYSTEM 0x10000 No signals, stats or swapping PS_EMBRYO 0x20000 New process, not yet fledged PS_ZOMBIE 0x40000 Dead and ready to be waited for PS_NOBROADCASTKILL 0x80000 Process excluded from kill -1 -PS_TAMED 0x100000 process has called tame(2) +PS_PLEDGE 0x100000 process has called pledge(2) .Ed .It Cm re Core residency time (in seconds; 127 = infinity). @@ -454,6 +454,9 @@ The process is a kernel thread. .It N The process has a reduced CPU scheduling priority. +.It p +The process has called +.Xr pledge 2 . .\" .It S .\" The process has asked for FIFO .\" page replacement @@ -464,9 +467,6 @@ scheduling priority. .\" sequentially address voluminous data). .It s The process is a session leader. -.It t -The process has called -.Xr tame 2 . .It V The process is suspended during a .Xr vfork 2 . diff --git a/bin/pwd/pwd.c b/bin/pwd/pwd.c index eaee02b76f0..b62aac66e79 100644 --- a/bin/pwd/pwd.c +++ b/bin/pwd/pwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pwd.c,v 1.13 2015/10/05 05:24:12 deraadt Exp $ */ +/* $OpenBSD: pwd.c,v 1.14 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: pwd.c,v 1.22 2011/08/29 14:51:19 joerg Exp $ */ /* @@ -47,8 +47,8 @@ main(int argc, char *argv[]) int ch, lFlag = 0; const char *p; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); while ((ch = getopt(argc, argv, "LP")) != -1) { switch (ch) { diff --git a/bin/rm/rm.c b/bin/rm/rm.c index 4ac36e259bf..49ed97e2345 100644 --- a/bin/rm/rm.c +++ b/bin/rm/rm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rm.c,v 1.31 2015/10/08 13:17:06 deraadt Exp $ */ +/* $OpenBSD: rm.c,v 1.32 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: rm.c,v 1.19 1995/09/07 06:48:50 jtc Exp $ */ /*- @@ -103,11 +103,11 @@ main(int argc, char *argv[]) argv += optind; if (Pflag) { - if (tame("stdio rpath wpath cpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath wpath cpath", NULL) == -1) + err(1, "pledge"); } else { - if (tame("stdio rpath cpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath cpath", NULL) == -1) + err(1, "pledge"); } if (argc < 1 && fflag == 0) diff --git a/bin/rmdir/rmdir.c b/bin/rmdir/rmdir.c index bac7abecca7..896ba3d5f42 100644 --- a/bin/rmdir/rmdir.c +++ b/bin/rmdir/rmdir.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rmdir.c,v 1.10 2015/10/07 15:47:56 deraadt Exp $ */ +/* $OpenBSD: rmdir.c,v 1.11 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: rmdir.c,v 1.13 1995/03/21 09:08:31 cgd Exp $ */ /*- @@ -51,8 +51,8 @@ main(int argc, char *argv[]) setlocale(LC_ALL, ""); - if (tame("stdio cpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio cpath", NULL) == -1) + err(1, "pledge"); pflag = 0; while ((ch = getopt(argc, argv, "p")) != -1) diff --git a/bin/sleep/sleep.c b/bin/sleep/sleep.c index ba8ec348c26..fe49ccff47e 100644 --- a/bin/sleep/sleep.c +++ b/bin/sleep/sleep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sleep.c,v 1.22 2015/10/03 03:10:38 deraadt Exp $ */ +/* $OpenBSD: sleep.c,v 1.23 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: sleep.c,v 1.8 1995/03/21 09:11:11 cgd Exp $ */ /* @@ -54,8 +54,8 @@ main(int argc, char *argv[]) struct timespec rqtp; int i; - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); signal(SIGALRM, alarmh); diff --git a/bin/test/test.c b/bin/test/test.c index 7b81b941ae7..b69d342e3ed 100644 --- a/bin/test/test.c +++ b/bin/test/test.c @@ -1,4 +1,4 @@ -/* $OpenBSD: test.c,v 1.14 2015/10/03 23:34:01 deraadt Exp $ */ +/* $OpenBSD: test.c,v 1.15 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: test.c,v 1.15 1995/03/21 07:04:06 cgd Exp $ */ /* @@ -158,8 +158,8 @@ main(int argc, char *argv[]) extern char *__progname; int res; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); if (strcmp(__progname, "[") == 0) { if (strcmp(argv[--argc], "]")) diff --git a/sbin/dmesg/dmesg.c b/sbin/dmesg/dmesg.c index 28c83f56c8d..6eb68d32930 100644 --- a/sbin/dmesg/dmesg.c +++ b/sbin/dmesg/dmesg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dmesg.c,v 1.26 2015/10/04 18:49:30 deraadt Exp $ */ +/* $OpenBSD: dmesg.c,v 1.27 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: dmesg.c,v 1.8 1995/03/18 14:54:49 cgd Exp $ */ /*- @@ -108,8 +108,8 @@ main(int argc, char *argv[]) if (sysctl(mib, 2, bufdata, &len, NULL, 0)) err(1, "sysctl: KERN_MSGBUF"); - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); memcpy(&cur, bufdata, sizeof(cur)); bufdata = ((struct msgbuf *)bufdata)->msg_bufc; @@ -123,8 +123,8 @@ main(int argc, char *argv[]) "dmesg")) == NULL) return (1); - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); if (kvm_nlist(kd, nl) == -1) errx(1, "kvm_nlist: %s", kvm_geterr(kd)); diff --git a/sbin/ping/ping.c b/sbin/ping/ping.c index a78b4f50669..57af30bf1be 100644 --- a/sbin/ping/ping.c +++ b/sbin/ping/ping.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ping.c,v 1.126 2015/10/03 00:44:37 deraadt Exp $ */ +/* $OpenBSD: ping.c,v 1.127 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: ping.c,v 1.20 1995/08/11 22:37:58 cgd Exp $ */ /* @@ -502,11 +502,11 @@ main(int argc, char *argv[]) (void)printf("PING %s: %d data bytes\n", hostname, datalen); if (options & F_NUMERIC) { - if (tame("stdio inet", NULL) == -1) - err(1, "tame"); + if (pledge("stdio inet", NULL) == -1) + err(1, "pledge"); } else { - if (tame("stdio inet dns", NULL) == -1) - err(1, "tame"); + if (pledge("stdio inet dns", NULL) == -1) + err(1, "pledge"); } (void)signal(SIGINT, finish); diff --git a/sbin/ping6/ping6.c b/sbin/ping6/ping6.c index 287b43b84b8..18793ae3098 100644 --- a/sbin/ping6/ping6.c +++ b/sbin/ping6/ping6.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ping6.c,v 1.119 2015/10/04 04:56:50 deraadt Exp $ */ +/* $OpenBSD: ping6.c,v 1.120 2015/10/09 01:37:06 deraadt Exp $ */ /* $KAME: ping6.c,v 1.163 2002/10/25 02:19:06 itojun Exp $ */ /* @@ -747,11 +747,11 @@ main(int argc, char *argv[]) warn("setsockopt(IPV6_RECVHOPLIMIT)"); /* XXX err? */ if (options & F_HOSTNAME) { - if (tame("stdio inet dns", NULL) == -1) - err(1, "tame"); + if (pledge("stdio inet dns", NULL) == -1) + err(1, "pledge"); } else { - if (tame("stdio inet", NULL) == -1) - err(1, "tame"); + if (pledge("stdio inet", NULL) == -1) + err(1, "pledge"); } arc4random_buf(&tv64_offset, sizeof(tv64_offset)); diff --git a/usr.bin/banner/banner.c b/usr.bin/banner/banner.c index e1c450c4644..9fb80f426d4 100644 --- a/usr.bin/banner/banner.c +++ b/usr.bin/banner/banner.c @@ -1,4 +1,4 @@ -/* $OpenBSD: banner.c,v 1.10 2015/10/05 05:33:29 deraadt Exp $ */ +/* $OpenBSD: banner.c,v 1.11 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: banner.c,v 1.2 1995/04/09 06:00:15 cgd Exp $ */ /* @@ -153,8 +153,8 @@ main(int argc, char *argv[]) { char word[10+1]; /* strings limited to 10 chars */ - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); while (*++argv) { (void)strlcpy(word, *argv, sizeof (word)); scan_out(1, word, '\0'); diff --git a/usr.bin/basename/basename.c b/usr.bin/basename/basename.c index bcdaf532103..e40142eb5f2 100644 --- a/usr.bin/basename/basename.c +++ b/usr.bin/basename/basename.c @@ -1,4 +1,4 @@ -/* $OpenBSD: basename.c,v 1.10 2015/10/03 01:07:15 deraadt Exp $ */ +/* $OpenBSD: basename.c,v 1.11 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: basename.c,v 1.9 1995/09/02 05:29:46 jtc Exp $ */ /*- @@ -48,8 +48,8 @@ main(int argc, char *argv[]) setlocale(LC_ALL, ""); - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); while ((ch = getopt(argc, argv, "")) != -1) { switch (ch) { diff --git a/usr.bin/cal/cal.c b/usr.bin/cal/cal.c index 017f0addf5e..a4655bd579e 100644 --- a/usr.bin/cal/cal.c +++ b/usr.bin/cal/cal.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cal.c,v 1.29 2015/10/05 13:30:30 deraadt Exp $ */ +/* $OpenBSD: cal.c,v 1.30 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: cal.c,v 1.6 1995/03/26 03:10:24 glass Exp $ */ /* @@ -150,8 +150,8 @@ main(int argc, char *argv[]) int ch, month, year, yflag; const char *errstr; - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); yflag = year = 0; while ((ch = getopt(argc, argv, "jmwy")) != -1) diff --git a/usr.bin/col/col.c b/usr.bin/col/col.c index ff12834bd31..c3c51b4c630 100644 --- a/usr.bin/col/col.c +++ b/usr.bin/col/col.c @@ -1,4 +1,4 @@ -/* $OpenBSD: col.c,v 1.18 2015/10/05 06:04:18 deraadt Exp $ */ +/* $OpenBSD: col.c,v 1.19 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: col.c,v 1.7 1995/09/02 05:48:50 jtc Exp $ */ /*- @@ -113,8 +113,8 @@ main(int argc, char *argv[]) int adjust, opt, warned; const char *errstr; - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); max_bufd_lines = 256; compress_spaces = 1; /* compress spaces into tabs */ diff --git a/usr.bin/colrm/colrm.c b/usr.bin/colrm/colrm.c index 26e601cd1c8..11b7100fc04 100644 --- a/usr.bin/colrm/colrm.c +++ b/usr.bin/colrm/colrm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: colrm.c,v 1.10 2015/10/05 13:30:30 deraadt Exp $ */ +/* $OpenBSD: colrm.c,v 1.11 2015/10/09 01:37:06 deraadt Exp $ */ /* $NetBSD: colrm.c,v 1.4 1995/09/02 05:51:37 jtc Exp $ */ /*- @@ -52,8 +52,8 @@ main(int argc, char *argv[]) int ch; char *p; - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); while ((ch = getopt(argc, argv, "")) != -1) switch(ch) { diff --git a/usr.bin/column/column.c b/usr.bin/column/column.c index f37aeca06bd..9db9985144e 100644 --- a/usr.bin/column/column.c +++ b/usr.bin/column/column.c @@ -1,4 +1,4 @@ -/* $OpenBSD: column.c,v 1.20 2015/10/05 13:30:30 deraadt Exp $ */ +/* $OpenBSD: column.c,v 1.21 2015/10/09 01:37:07 deraadt Exp $ */ /* $NetBSD: column.c,v 1.4 1995/09/02 05:53:03 jtc Exp $ */ /* @@ -76,8 +76,8 @@ main(int argc, char *argv[]) } else termwidth = win.ws_col; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); tflag = xflag = 0; while ((ch = getopt(argc, argv, "c:s:tx")) != -1) @@ -116,8 +116,8 @@ main(int argc, char *argv[]) } } } - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); if (!entries) exit(eval); diff --git a/usr.bin/comm/comm.c b/usr.bin/comm/comm.c index d15b931e545..73d19291d8b 100644 --- a/usr.bin/comm/comm.c +++ b/usr.bin/comm/comm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: comm.c,v 1.9 2015/10/05 13:30:30 deraadt Exp $ */ +/* $OpenBSD: comm.c,v 1.10 2015/10/09 01:37:07 deraadt Exp $ */ /* $NetBSD: comm.c,v 1.10 1995/09/05 19:57:43 jtc Exp $ */ /* @@ -61,8 +61,8 @@ main(int argc, char *argv[]) setlocale(LC_ALL, ""); - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); flag1 = flag2 = flag3 = 1; compare = strcoll; diff --git a/usr.bin/compress/main.c b/usr.bin/compress/main.c index ca773c4af26..1793da7132d 100644 --- a/usr.bin/compress/main.c +++ b/usr.bin/compress/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.88 2015/10/04 16:50:29 deraadt Exp $ */ +/* $OpenBSD: main.c,v 1.89 2015/10/09 01:37:07 deraadt Exp $ */ /* * Copyright (c) 1992, 1993 @@ -167,8 +167,8 @@ main(int argc, char *argv[]) char outfile[PATH_MAX], _infile[PATH_MAX], suffix[16]; int bits, ch, error, rc, cflag, oflag; - if (tame("stdio rpath wpath cpath fattr", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath wpath cpath fattr", NULL) == -1) + err(1, "pledge"); bits = cflag = oflag = 0; storename = -1; diff --git a/usr.bin/csplit/csplit.c b/usr.bin/csplit/csplit.c index c11bbba620d..fe80da9591d 100644 --- a/usr.bin/csplit/csplit.c +++ b/usr.bin/csplit/csplit.c @@ -1,4 +1,4 @@ -/* $OpenBSD: csplit.c,v 1.6 2015/10/07 03:50:10 deraadt Exp $ */ +/* $OpenBSD: csplit.c,v 1.7 2015/10/09 01:37:07 deraadt Exp $ */ /* $FreeBSD: src/usr.bin/csplit/csplit.c,v 1.9 2004/03/22 11:15:03 tjr Exp $ */ /*- @@ -103,8 +103,8 @@ main(int argc, char *argv[]) setlocale(LC_ALL, ""); - if (tame("stdio rpath wpath cpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath wpath cpath", NULL) == -1) + err(1, "pledge"); kflag = sflag = 0; prefix = "xx"; @@ -143,8 +143,8 @@ main(int argc, char *argv[]) if (strcmp(infn, "-") == 0) { infile = stdin; infn = "stdin"; - if (tame("stdio wpath cpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio wpath cpath", NULL) == -1) + err(1, "pledge"); } else if ((infile = fopen(infn, "r")) == NULL) err(1, "%s", infn); diff --git a/usr.bin/ctags/ctags.c b/usr.bin/ctags/ctags.c index 68d9f2f9014..595219bfb31 100644 --- a/usr.bin/ctags/ctags.c +++ b/usr.bin/ctags/ctags.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ctags.c,v 1.17 2015/10/07 06:33:31 deraadt Exp $ */ +/* $OpenBSD: ctags.c,v 1.18 2015/10/09 01:37:07 deraadt Exp $ */ /* $NetBSD: ctags.c,v 1.4 1995/09/02 05:57:23 jtc Exp $ */ /* @@ -77,8 +77,8 @@ main(int argc, char *argv[]) int step; /* step through args */ int ch; /* getopts char */ - if (tame("stdio rpath wpath cpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath wpath cpath", NULL) == -1) + err(1, "pledge"); aflag = uflag = NO; while ((ch = getopt(argc, argv, "BFadf:tuwvx")) != -1) diff --git a/usr.bin/cut/cut.c b/usr.bin/cut/cut.c index 2f14ce08dd3..7985a04ee93 100644 --- a/usr.bin/cut/cut.c +++ b/usr.bin/cut/cut.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cut.c,v 1.20 2015/10/05 13:27:45 deraadt Exp $ */ +/* $OpenBSD: cut.c,v 1.21 2015/10/09 01:37:07 deraadt Exp $ */ /* $NetBSD: cut.c,v 1.9 1995/09/02 05:59:23 jtc Exp $ */ /* @@ -63,8 +63,8 @@ main(int argc, char *argv[]) setlocale (LC_ALL, ""); - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); dchar = '\t'; /* default delimiter is \t */ @@ -121,8 +121,8 @@ main(int argc, char *argv[]) } } else { - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); fcn(stdin, "stdin"); } exit(rval); diff --git a/usr.bin/dc/dc.c b/usr.bin/dc/dc.c index 8c796d9c1be..c50cbca0cd4 100644 --- a/usr.bin/dc/dc.c +++ b/usr.bin/dc/dc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dc.c,v 1.14 2015/10/03 18:39:13 deraadt Exp $ */ +/* $OpenBSD: dc.c,v 1.15 2015/10/09 01:37:07 deraadt Exp $ */ /* * Copyright (c) 2003, Otto Moerbeek @@ -47,8 +47,8 @@ main(int argc, char *argv[]) char *buf, *p; struct stat st; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); if ((buf = strdup("")) == NULL) err(1, NULL); @@ -91,8 +91,8 @@ main(int argc, char *argv[]) file = fopen(argv[0], "r"); if (file == NULL) err(1, "cannot open file %s", argv[0]); - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); if (fstat(fileno(file), &st) == -1) err(1, "%s", argv[0]); if (S_ISDIR(st.st_mode)) @@ -107,8 +107,8 @@ main(int argc, char *argv[]) */ return (0); } - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); src_setstream(&src, stdin); reset_bmachine(&src); eval(); diff --git a/usr.bin/deroff/deroff.c b/usr.bin/deroff/deroff.c index 6b92034ed21..0957ec1661e 100644 --- a/usr.bin/deroff/deroff.c +++ b/usr.bin/deroff/deroff.c @@ -1,4 +1,4 @@ -/* $OpenBSD: deroff.c,v 1.12 2015/10/05 06:05:42 deraadt Exp $ */ +/* $OpenBSD: deroff.c,v 1.13 2015/10/09 01:37:07 deraadt Exp $ */ /*- * Copyright (c) 1988, 1993 @@ -260,8 +260,8 @@ main(int ac, char **av) int errflg = 0; int kflag = NO; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); iflag = NO; wordflag = NO; diff --git a/usr.bin/diff/diff.c b/usr.bin/diff/diff.c index eb2d8e5d0a2..c37b8087918 100644 --- a/usr.bin/diff/diff.c +++ b/usr.bin/diff/diff.c @@ -1,4 +1,4 @@ -/* $OpenBSD: diff.c,v 1.62 2015/10/05 20:15:00 millert Exp $ */ +/* $OpenBSD: diff.c,v 1.63 2015/10/09 01:37:07 deraadt Exp $ */ /* * Copyright (c) 2003 Todd C. Miller @@ -212,11 +212,11 @@ main(int argc, char **argv) argv += optind; if (getenv("TMPDIR")) { - if (tame("stdio rpath wpath cpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath wpath cpath", NULL) == -1) + err(1, "pledge"); } else { - if (tame("stdio rpath tmppath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath tmppath", NULL) == -1) + err(1, "pledge"); } /* diff --git a/usr.bin/diff3/diff3prog.c b/usr.bin/diff3/diff3prog.c index 921da78a548..b928b062167 100644 --- a/usr.bin/diff3/diff3prog.c +++ b/usr.bin/diff3/diff3prog.c @@ -1,4 +1,4 @@ -/* $OpenBSD: diff3prog.c,v 1.16 2015/10/05 13:30:30 deraadt Exp $ */ +/* $OpenBSD: diff3prog.c,v 1.17 2015/10/09 01:37:07 deraadt Exp $ */ /* * Copyright (C) Caldera International Inc. 2001-2002. @@ -145,8 +145,8 @@ main(int argc, char **argv) { int ch, i, m, n; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); eflag = 0; oflag = 0; diff --git a/usr.bin/dirname/dirname.c b/usr.bin/dirname/dirname.c index 1d4d8c547a0..7e0328e6f86 100644 --- a/usr.bin/dirname/dirname.c +++ b/usr.bin/dirname/dirname.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dirname.c,v 1.14 2015/10/05 13:30:30 deraadt Exp $ */ +/* $OpenBSD: dirname.c,v 1.15 2015/10/09 01:37:07 deraadt Exp $ */ /* * Copyright (c) 1997 Todd C. Miller @@ -33,8 +33,8 @@ main(int argc, char *argv[]) setlocale(LC_ALL, ""); - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); while ((ch = getopt(argc, argv, "")) != -1) { switch (ch) { diff --git a/usr.bin/expand/expand.c b/usr.bin/expand/expand.c index 2e43bd732ab..01d10ce2b1d 100644 --- a/usr.bin/expand/expand.c +++ b/usr.bin/expand/expand.c @@ -1,4 +1,4 @@ -/* $OpenBSD: expand.c,v 1.13 2015/10/05 13:24:39 deraadt Exp $ */ +/* $OpenBSD: expand.c,v 1.14 2015/10/09 01:37:07 deraadt Exp $ */ /* $NetBSD: expand.c,v 1.5 1995/09/02 06:19:46 jtc Exp $ */ /* @@ -51,8 +51,8 @@ main(int argc, char *argv[]) int c, column; int n; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); /* handle obsolete syntax */ while (argc > 1 && argv[1][0] == '-' && diff --git a/usr.bin/fgen/fgen.l b/usr.bin/fgen/fgen.l index 8930dae0d39..7248ac6aad6 100644 --- a/usr.bin/fgen/fgen.l +++ b/usr.bin/fgen/fgen.l @@ -1,5 +1,5 @@ %{ -/* $OpenBSD: fgen.l,v 1.11 2015/10/06 05:51:01 deraadt Exp $ */ +/* $OpenBSD: fgen.l,v 1.12 2015/10/09 01:37:07 deraadt Exp $ */ /* $NetBSD: fgen.l,v 1.12 2001/06/13 10:46:05 wiz Exp $ */ /* FLEX input for FORTH input file scanner */ /* @@ -960,8 +960,8 @@ main(argc, argv) char *hdrtype = "version1"; int i; - if (tame("stdio rpath wpath cpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath wpath cpath", NULL) == -1) + err(1, "pledge"); outf = 1; /* stdout */ myname = argv[0]; diff --git a/usr.bin/file/file.c b/usr.bin/file/file.c index 1ac228c3f91..65ae402286d 100644 --- a/usr.bin/file/file.c +++ b/usr.bin/file/file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: file.c,v 1.51 2015/10/06 15:39:44 deraadt Exp $ */ +/* $OpenBSD: file.c,v 1.52 2015/10/09 01:37:07 deraadt Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott @@ -223,7 +223,7 @@ main(int argc, char **argv) msg.error = errno; } else { /* - * tame(2) doesn't let us pass directory file + * pledge(2) doesn't let us pass directory file * descriptors around - but in fact we don't need them, * so just don't open directories or symlinks (which * could be to directories). @@ -351,8 +351,8 @@ child(int fd, pid_t parent, int argc, char **argv) int i, idx; size_t len, width = 0; - if (tame("stdio getpw proc recvfd", NULL) == -1) - err(1, "tame"); + if (pledge("stdio getpw proc recvfd", NULL) == -1) + err(1, "pledge"); if (geteuid() == 0) { pw = getpwnam(FILE_USER); @@ -366,8 +366,8 @@ child(int fd, pid_t parent, int argc, char **argv) err(1, "setresuid"); } - if (tame("stdio recvfd", NULL) == -1) - err(1, "tame"); + if (pledge("stdio recvfd", NULL) == -1) + err(1, "pledge"); m = magic_load(magicfp, magicpath, cflag || Wflag); if (cflag) { diff --git a/usr.bin/find/find.c b/usr.bin/find/find.c index 0b5e8ec0120..3aa979b95c7 100644 --- a/usr.bin/find/find.c +++ b/usr.bin/find/find.c @@ -1,4 +1,4 @@ -/* $OpenBSD: find.c,v 1.18 2015/10/05 15:25:16 deraadt Exp $ */ +/* $OpenBSD: find.c,v 1.19 2015/10/09 01:37:07 deraadt Exp $ */ /*- * Copyright (c) 1991, 1993 @@ -155,8 +155,8 @@ find_execute(PLAN *plan, /* search plan */ PLAN *p; if (mayexecve == 0) - if (tame("stdio getpw rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio getpw rpath", NULL) == -1) + err(1, "pledge"); rval = 0; diff --git a/usr.bin/finger/finger.c b/usr.bin/finger/finger.c index 1f065d865fe..d8b755cbd1e 100644 --- a/usr.bin/finger/finger.c +++ b/usr.bin/finger/finger.c @@ -1,4 +1,4 @@ -/* $OpenBSD: finger.c,v 1.21 2015/10/03 02:09:33 deraadt Exp $ */ +/* $OpenBSD: finger.c,v 1.22 2015/10/09 01:37:07 deraadt Exp $ */ /* * Copyright (c) 1989 The Regents of the University of California. @@ -126,8 +126,8 @@ main(int argc, char *argv[]) mflag++; } - if (tame("stdio getpw rpath inet", NULL) == -1) - err(1, "tame"); + if (pledge("stdio getpw rpath inet", NULL) == -1) + err(1, "pledge"); (void)time(&now); setpassent(1); @@ -137,8 +137,8 @@ main(int argc, char *argv[]) * not selected. Force the -s BEFORE we get names so proper * screening will be done. */ - if (tame("stdio getpw rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio getpw rpath", NULL) == -1) + err(1, "pledge"); if (!lflag) sflag = 1; /* if -l not explicit, force -s */ loginlist(); @@ -220,8 +220,8 @@ userlist(int argc, char **argv) goto net; if (nettail == &nethead) - if (tame("stdio getpw rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio getpw rpath", NULL) == -1) + err(1, "pledge"); /* * traverse the list of possible login names and check the login name diff --git a/usr.bin/fmt/fmt.c b/usr.bin/fmt/fmt.c index bb9f42b2184..7bf480a1ade 100644 --- a/usr.bin/fmt/fmt.c +++ b/usr.bin/fmt/fmt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fmt.c,v 1.32 2015/10/05 06:21:15 deraadt Exp $ */ +/* $OpenBSD: fmt.c,v 1.33 2015/10/09 01:37:07 deraadt Exp $ */ /* Sensible version of fmt * @@ -255,8 +255,8 @@ main(int argc, char *argv[]) (void)setlocale(LC_CTYPE, ""); - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); /* 1. Grok parameters. */ while ((ch = getopt(argc, argv, "0123456789cd:hl:mnpst:w:")) != -1) { @@ -340,8 +340,8 @@ main(int argc, char *argv[]) while (argc-- > 0) process_named_file(*argv++); } else { - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); process_stream(stdin, "standard input"); } diff --git a/usr.bin/fold/fold.c b/usr.bin/fold/fold.c index 521971de6c6..90d4ed592a9 100644 --- a/usr.bin/fold/fold.c +++ b/usr.bin/fold/fold.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fold.c,v 1.16 2015/10/05 06:26:33 deraadt Exp $ */ +/* $OpenBSD: fold.c,v 1.17 2015/10/09 01:37:07 deraadt Exp $ */ /* $NetBSD: fold.c,v 1.6 1995/09/01 01:42:44 jtc Exp $ */ /*- @@ -56,8 +56,8 @@ main(int argc, char *argv[]) unsigned int width; const char *errstr; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); width = 0; lastch = '\0'; @@ -103,8 +103,8 @@ main(int argc, char *argv[]) width = DEFLINEWIDTH; if (!*argv) { - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); fold(width); } else { for (; *argv; ++argv) { diff --git a/usr.bin/from/from.c b/usr.bin/from/from.c index f6ecef03539..743e0981dc1 100644 --- a/usr.bin/from/from.c +++ b/usr.bin/from/from.c @@ -1,4 +1,4 @@ -/* $OpenBSD: from.c,v 1.21 2015/10/07 06:51:50 deraadt Exp $ */ +/* $OpenBSD: from.c,v 1.22 2015/10/09 01:37:07 deraadt Exp $ */ /* $NetBSD: from.c,v 1.6 1995/09/01 01:39:10 jtc Exp $ */ /* @@ -74,16 +74,16 @@ main(int argc, char *argv[]) } argv += optind; - if (tame("stdio rpath getpw", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath getpw", NULL) == -1) + err(1, "pledge"); file = mail_spool(file, *argv); if ((fp = fopen(file, "r")) == NULL) { if (!fflag && errno == ENOENT) exit(EXIT_SUCCESS); err(1, "%s", file); } - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); for (newline = 1; (linelen = getline(&line, &linesize, fp)) != -1;) { if (*line == '\n') { newline = 1; diff --git a/usr.bin/getopt/getopt.c b/usr.bin/getopt/getopt.c index b0781e62058..ea971bbf64a 100644 --- a/usr.bin/getopt/getopt.c +++ b/usr.bin/getopt/getopt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getopt.c,v 1.9 2015/10/07 06:39:16 deraadt Exp $ */ +/* $OpenBSD: getopt.c,v 1.10 2015/10/09 01:37:07 deraadt Exp $ */ /* * This material, written by Henry Spencer, was released by him @@ -18,8 +18,8 @@ main(int argc, char *argv[]) int c; int status = 0; - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); optind = 2; /* Past the program name and the option letters. */ while ((c = getopt(argc, argv, argv[1])) != -1) diff --git a/usr.bin/grep/grep.c b/usr.bin/grep/grep.c index d3536387a9d..f790e1d5d7e 100644 --- a/usr.bin/grep/grep.c +++ b/usr.bin/grep/grep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: grep.c,v 1.53 2015/10/03 05:36:34 deraadt Exp $ */ +/* $OpenBSD: grep.c,v 1.54 2015/10/09 01:37:07 deraadt Exp $ */ /*- * Copyright (c) 1999 James Howard and Dag-Erling Coïdan Smørgrav @@ -238,8 +238,8 @@ main(int argc, char *argv[]) char **expr; const char *errstr; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); SLIST_INIT(&patfilelh); switch (__progname[0]) { diff --git a/usr.bin/head/head.c b/usr.bin/head/head.c index e5120e48d36..383a4ae0d6f 100644 --- a/usr.bin/head/head.c +++ b/usr.bin/head/head.c @@ -1,4 +1,4 @@ -/* $OpenBSD: head.c,v 1.19 2015/10/07 06:55:10 deraadt Exp $ */ +/* $OpenBSD: head.c,v 1.20 2015/10/09 01:37:07 deraadt Exp $ */ /* * Copyright (c) 1980, 1987 Regents of the University of California. @@ -55,8 +55,8 @@ main(int argc, char *argv[]) char *p = NULL; int status = 0; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); /* handle obsolete -number syntax */ if (argc > 1 && argv[1][0] == '-' && @@ -90,8 +90,8 @@ main(int argc, char *argv[]) if (!firsttime) exit(status); fp = stdin; - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); } else { if ((fp = fopen(*argv, "r")) == NULL) { warn("%s", *argv++); diff --git a/usr.bin/hexdump/hexdump.c b/usr.bin/hexdump/hexdump.c index 539c5d1c4e6..741e56a9d1d 100644 --- a/usr.bin/hexdump/hexdump.c +++ b/usr.bin/hexdump/hexdump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hexdump.c,v 1.18 2015/10/05 06:36:18 deraadt Exp $ */ +/* $OpenBSD: hexdump.c,v 1.19 2015/10/09 01:37:07 deraadt Exp $ */ /* $NetBSD: hexdump.c,v 1.7 1997/10/19 02:34:06 lukem Exp $ */ /* @@ -54,8 +54,8 @@ main(int argc, char *argv[]) FS *tfs; char *p; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); if (!(p = strrchr(argv[0], 'o')) || strcmp(p, "od")) newsyntax(argc, &argv); diff --git a/usr.bin/htpasswd/htpasswd.c b/usr.bin/htpasswd/htpasswd.c index 1ac7a9fc331..fc285c24758 100644 --- a/usr.bin/htpasswd/htpasswd.c +++ b/usr.bin/htpasswd/htpasswd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: htpasswd.c,v 1.12 2015/10/07 06:44:01 deraadt Exp $ */ +/* $OpenBSD: htpasswd.c,v 1.13 2015/10/09 01:37:07 deraadt Exp $ */ /* * Copyright (c) 2014 Florian Obser * @@ -57,8 +57,8 @@ main(int argc, char** argv) ssize_t linelen; mode_t old_umask; - if (tame("stdio rpath wpath cpath tmppath tty", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath wpath cpath tmppath tty", NULL) == -1) + err(1, "pledge"); while ((c = getopt(argc, argv, "I")) != -1) { switch (c) { diff --git a/usr.bin/id/id.c b/usr.bin/id/id.c index e6b3d20ae8b..ba107339794 100644 --- a/usr.bin/id/id.c +++ b/usr.bin/id/id.c @@ -1,4 +1,4 @@ -/* $OpenBSD: id.c,v 1.25 2015/10/05 06:43:31 deraadt Exp $ */ +/* $OpenBSD: id.c,v 1.26 2015/10/09 01:37:07 deraadt Exp $ */ /*- * Copyright (c) 1991, 1993 @@ -58,8 +58,8 @@ main(int argc, char *argv[]) gid_t gid; const char *opts; - if (tame("stdio getpw", NULL) == -1) - err(1, "tame"); + if (pledge("stdio getpw", NULL) == -1) + err(1, "pledge"); cflag = Gflag = gflag = nflag = pflag = rflag = uflag = 0; diff --git a/usr.bin/indent/indent.c b/usr.bin/indent/indent.c index fac42540636..13ff0d2e887 100644 --- a/usr.bin/indent/indent.c +++ b/usr.bin/indent/indent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: indent.c,v 1.28 2015/10/05 23:42:40 deraadt Exp $ */ +/* $OpenBSD: indent.c,v 1.29 2015/10/09 01:37:07 deraadt Exp $ */ /* * Copyright (c) 1980, 1993 @@ -78,8 +78,8 @@ main(int argc, char **argv) int last_else = 0; /* true iff last keyword was an else */ - if (tame("stdio rpath wpath cpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath wpath cpath", NULL) == -1) + err(1, "pledge"); /*-----------------------------------------------*\ | INITIALIZATION | diff --git a/usr.bin/join/join.c b/usr.bin/join/join.c index ee51c1cac20..3049a423196 100644 --- a/usr.bin/join/join.c +++ b/usr.bin/join/join.c @@ -1,4 +1,4 @@ -/* $OpenBSD: join.c,v 1.26 2015/10/07 04:00:45 deraadt Exp $ */ +/* $OpenBSD: join.c,v 1.27 2015/10/09 01:37:07 deraadt Exp $ */ /*- * Copyright (c) 1991, 1993, 1994 @@ -104,8 +104,8 @@ main(int argc, char *argv[]) int aflag, ch, cval, vflag; char *end; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); F1 = &input1; F2 = &input2; @@ -211,8 +211,8 @@ main(int argc, char *argv[]) if (F1->fp == stdin && F2->fp == stdin) errx(1, "only one input file may be stdin"); - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); F1->setusedc = 0; F2->setusedc = 0; diff --git a/usr.bin/jot/jot.c b/usr.bin/jot/jot.c index 2ab180ce069..8952ead4094 100644 --- a/usr.bin/jot/jot.c +++ b/usr.bin/jot/jot.c @@ -1,4 +1,4 @@ -/* $OpenBSD: jot.c,v 1.25 2015/10/06 22:55:51 deraadt Exp $ */ +/* $OpenBSD: jot.c,v 1.26 2015/10/09 01:37:07 deraadt Exp $ */ /* $NetBSD: jot.c,v 1.3 1994/12/02 20:29:43 pk Exp $ */ /*- @@ -84,8 +84,8 @@ main(int argc, char *argv[]) int ch; const char *errstr; - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); while ((ch = getopt(argc, argv, "rb:w:cs:np:")) != -1) switch (ch) { diff --git a/usr.bin/kdump/kdump.c b/usr.bin/kdump/kdump.c index a74ca70d587..a9257581bca 100644 --- a/usr.bin/kdump/kdump.c +++ b/usr.bin/kdump/kdump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kdump.c,v 1.112 2015/10/06 03:27:25 deraadt Exp $ */ +/* $OpenBSD: kdump.c,v 1.113 2015/10/09 01:37:08 deraadt Exp $ */ /*- * Copyright (c) 1988, 1993 @@ -241,8 +241,8 @@ main(int argc, char *argv[]) if (argc > optind) usage(); - if (tame("stdio getpw rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio getpw rpath", NULL) == -1) + err(1, "pledge"); m = malloc(size = 1025); if (m == NULL) @@ -250,8 +250,8 @@ main(int argc, char *argv[]) if (!freopen(tracefile, "r", stdin)) err(1, "%s", tracefile); - if (tame("stdio getpw", NULL) == -1) - err(1, "tame"); + if (pledge("stdio getpw", NULL) == -1) + err(1, "pledge"); if (fread_tail(&ktr_header, sizeof(struct ktr_header), 1) == 0 || ktr_header.ktr_type != htobe32(KTR_START)) diff --git a/usr.bin/kdump/ktrstruct.c b/usr.bin/kdump/ktrstruct.c index 6adffa3ecc6..a19971ee077 100644 --- a/usr.bin/kdump/ktrstruct.c +++ b/usr.bin/kdump/ktrstruct.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ktrstruct.c,v 1.11 2015/10/03 23:52:30 guenther Exp $ */ +/* $OpenBSD: ktrstruct.c,v 1.12 2015/10/09 01:37:08 deraadt Exp $ */ /*- * Copyright (c) 1988, 1993 @@ -560,13 +560,13 @@ ktrstruct(char *buf, size_t buflen) memcpy(cmsg, data, datalen); ktrcmsghdr(cmsg, datalen); free(cmsg); - } else if (strcmp(name, "tamereq") == 0) { - printf("tame request="); - showbufc(basecol + sizeof("tame request=") - 1, + } else if (strcmp(name, "pledgereq") == 0) { + printf("pledge request="); + showbufc(basecol + sizeof("pledge request=") - 1, (unsigned char *)data, datalen); - } else if (strcmp(name, "tamepath") == 0) { - printf("tame path="); - showbufc(basecol + sizeof("tame path=") - 1, + } else if (strcmp(name, "pledgepath") == 0) { + printf("pledge path="); + showbufc(basecol + sizeof("pledge path=") - 1, (unsigned char *)data, datalen); } else { printf("unknown structure %s\n", name); diff --git a/usr.bin/lam/lam.c b/usr.bin/lam/lam.c index 1f10025d6d3..a2a70e9747c 100644 --- a/usr.bin/lam/lam.c +++ b/usr.bin/lam/lam.c @@ -1,4 +1,4 @@ -/* $OpenBSD: lam.c,v 1.18 2015/10/07 04:03:57 deraadt Exp $ */ +/* $OpenBSD: lam.c,v 1.19 2015/10/09 01:37:08 deraadt Exp $ */ /* $NetBSD: lam.c,v 1.2 1994/11/14 20:27:42 jtc Exp $ */ /*- @@ -71,8 +71,8 @@ main(int argc, char *argv[]) { int i; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); /* Process arguments, set numfiles to file argument count. */ getargs(argc, argv); diff --git a/usr.bin/lastcomm/lastcomm.c b/usr.bin/lastcomm/lastcomm.c index b4843dc160c..2e02770b366 100644 --- a/usr.bin/lastcomm/lastcomm.c +++ b/usr.bin/lastcomm/lastcomm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: lastcomm.c,v 1.22 2015/10/07 14:05:07 deraadt Exp $ */ +/* $OpenBSD: lastcomm.c,v 1.23 2015/10/09 01:37:08 deraadt Exp $ */ /* $NetBSD: lastcomm.c,v 1.9 1995/10/22 01:43:42 ghudson Exp $ */ /* @@ -69,8 +69,8 @@ main(int argc, char *argv[]) int ch; char *acctfile; - if (tame("stdio rpath getpw", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath getpw", NULL) == -1) + err(1, "pledge"); acctfile = _PATH_ACCT; while ((ch = getopt(argc, argv, "f:")) != -1) diff --git a/usr.bin/leave/leave.c b/usr.bin/leave/leave.c index e7493d54a0b..ec11d62735a 100644 --- a/usr.bin/leave/leave.c +++ b/usr.bin/leave/leave.c @@ -1,4 +1,4 @@ -/* $OpenBSD: leave.c,v 1.16 2015/10/03 05:13:23 deraadt Exp $ */ +/* $OpenBSD: leave.c,v 1.17 2015/10/09 01:37:08 deraadt Exp $ */ /* $NetBSD: leave.c,v 1.4 1995/07/03 16:50:13 phil Exp $ */ /* @@ -63,8 +63,8 @@ main(int argc, char *argv[]) int plusnow = 0, twentyfour; char buf[50]; - if (tame("stdio proc", NULL) == -1) - err(1, "tame"); + if (pledge("stdio proc", NULL) == -1) + err(1, "pledge"); if (setvbuf(stdout, NULL, _IOLBF, 0) != 0) errx(1, "Cannot set stdout to line buffered."); diff --git a/usr.bin/lock/lock.c b/usr.bin/lock/lock.c index b1a31dedcfc..572f501081e 100644 --- a/usr.bin/lock/lock.c +++ b/usr.bin/lock/lock.c @@ -1,4 +1,4 @@ -/* $OpenBSD: lock.c,v 1.29 2015/10/07 04:05:24 deraadt Exp $ */ +/* $OpenBSD: lock.c,v 1.30 2015/10/09 01:37:08 deraadt Exp $ */ /* $NetBSD: lock.c,v 1.8 1996/05/07 18:32:31 jtc Exp $ */ /* @@ -90,8 +90,8 @@ main(int argc, char *argv[]) usemine = 0; no_timeout = 0; - if (tame("stdio getpw rpath wpath tty", NULL) == -1) - err(1, "tame"); + if (pledge("stdio getpw rpath wpath tty", NULL) == -1) + err(1, "pledge"); if (!(pw = getpwuid(getuid()))) errx(1, "unknown uid %u.", getuid()); diff --git a/usr.bin/logger/logger.c b/usr.bin/logger/logger.c index 01b8eb1f104..7450bc9d836 100644 --- a/usr.bin/logger/logger.c +++ b/usr.bin/logger/logger.c @@ -1,4 +1,4 @@ -/* $OpenBSD: logger.c,v 1.15 2015/10/05 23:59:11 deraadt Exp $ */ +/* $OpenBSD: logger.c,v 1.16 2015/10/09 01:37:08 deraadt Exp $ */ /* $NetBSD: logger.c,v 1.4 1994/12/22 06:27:00 jtc Exp $ */ /* @@ -93,8 +93,8 @@ main(int argc, char *argv[]) openlog(tag ? tag : getlogin(), logflags, 0); (void) fclose(stdout); - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); /* log input line if appropriate */ if (argc > 0) { diff --git a/usr.bin/logname/logname.c b/usr.bin/logname/logname.c index ab7499caf64..618a2d34843 100644 --- a/usr.bin/logname/logname.c +++ b/usr.bin/logname/logname.c @@ -1,4 +1,4 @@ -/* $OpenBSD: logname.c,v 1.8 2015/10/07 14:06:26 deraadt Exp $ */ +/* $OpenBSD: logname.c,v 1.9 2015/10/09 01:37:08 deraadt Exp $ */ /* $NetBSD: logname.c,v 1.6 1994/12/22 06:39:32 jtc Exp $ */ /*- @@ -46,8 +46,8 @@ main(int argc, char *argv[]) setlocale(LC_ALL, ""); - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); while ((ch = getopt(argc, argv, "")) != -1) switch (ch) { diff --git a/usr.bin/look/look.c b/usr.bin/look/look.c index 86c66fee630..be81ee53d42 100644 --- a/usr.bin/look/look.c +++ b/usr.bin/look/look.c @@ -1,4 +1,4 @@ -/* $OpenBSD: look.c,v 1.17 2015/10/07 14:13:23 deraadt Exp $ */ +/* $OpenBSD: look.c,v 1.18 2015/10/09 01:37:08 deraadt Exp $ */ /* $NetBSD: look.c,v 1.7 1995/08/31 22:41:02 jtc Exp $ */ /*- @@ -88,8 +88,8 @@ main(int argc, char *argv[]) int ch, fd, termchar; char *back, *file, *front, *string, *p; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); file = _PATH_WORDS; termchar = '\0'; diff --git a/usr.bin/make/main.c b/usr.bin/make/main.c index 891d8602b3a..77fb6d08abe 100644 --- a/usr.bin/make/main.c +++ b/usr.bin/make/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.113 2015/10/08 14:49:27 deraadt Exp $ */ +/* $OpenBSD: main.c,v 1.114 2015/10/09 01:37:08 deraadt Exp $ */ /* $NetBSD: main.c,v 1.34 1997/03/24 20:56:36 gwr Exp $ */ /* @@ -192,8 +192,8 @@ MainParseArgs(int argc, char **argv) #define OPTFLAGS "BC:D:I:SV:d:ef:ij:km:npqrst" #define OPTLETTERS "BSiknpqrst" - if (tame("stdio rpath wpath cpath proc exec", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath wpath cpath proc exec", NULL) == -1) + err(1, "pledge"); optind = 1; /* since we're called more than once */ optreset = 1; diff --git a/usr.bin/mktemp/mktemp.c b/usr.bin/mktemp/mktemp.c index 6355c193aa9..713b67fd105 100644 --- a/usr.bin/mktemp/mktemp.c +++ b/usr.bin/mktemp/mktemp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mktemp.c,v 1.21 2015/10/07 06:43:15 deraadt Exp $ */ +/* $OpenBSD: mktemp.c,v 1.22 2015/10/09 01:37:08 deraadt Exp $ */ /* * Copyright (c) 1996, 1997, 2001-2003, 2013 @@ -38,8 +38,8 @@ main(int argc, char *argv[]) char *cp, *template, *tempfile, *prefix = _PATH_TMP; size_t len; - if (tame("stdio rpath wpath cpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath wpath cpath", NULL) == -1) + err(1, "pledge"); while ((ch = getopt(argc, argv, "dp:qtu")) != -1) switch(ch) { diff --git a/usr.bin/nl/nl.c b/usr.bin/nl/nl.c index 59e3af8ba20..e4c1e2d6177 100644 --- a/usr.bin/nl/nl.c +++ b/usr.bin/nl/nl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nl.c,v 1.5 2015/10/07 07:00:01 deraadt Exp $ */ +/* $OpenBSD: nl.c,v 1.6 2015/10/09 01:37:08 deraadt Exp $ */ /* $NetBSD: nl.c,v 1.11 2011/08/16 12:00:46 christos Exp $ */ /*- @@ -118,8 +118,8 @@ main(int argc, char *argv[]) (void)setlocale(LC_ALL, ""); - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); while ((c = getopt(argc, argv, "pb:d:f:h:i:l:n:s:v:w:")) != -1) { switch (c) { diff --git a/usr.bin/nm/nm.c b/usr.bin/nm/nm.c index c1b0d19f6fc..1872486f889 100644 --- a/usr.bin/nm/nm.c +++ b/usr.bin/nm/nm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nm.c,v 1.48 2015/10/05 07:16:03 deraadt Exp $ */ +/* $OpenBSD: nm.c,v 1.49 2015/10/09 01:37:08 deraadt Exp $ */ /* $NetBSD: nm.c,v 1.7 1996/01/14 23:04:03 pk Exp $ */ /* @@ -212,8 +212,8 @@ main(int argc, char *argv[]) if (demangle) pipe2cppfilt(); - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); argv += optind; argc -= optind; diff --git a/usr.bin/openssl/openssl.c b/usr.bin/openssl/openssl.c index 21a5aa60184..8ac645636a8 100644 --- a/usr.bin/openssl/openssl.c +++ b/usr.bin/openssl/openssl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: openssl.c,v 1.14 2015/10/07 05:21:41 deraadt Exp $ */ +/* $OpenBSD: openssl.c,v 1.15 2015/10/09 01:37:08 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -436,8 +436,8 @@ main(int argc, char **argv) arg.data = NULL; arg.count = 0; - if (tame("stdio inet rpath cpath wpath proc", NULL) == -1) { - fprintf(stderr, "openssl: tame: %s\n", strerror(errno)); + if (pledge("stdio inet rpath cpath wpath proc", NULL) == -1) { + fprintf(stderr, "openssl: pledge: %s\n", strerror(errno)); exit(1); } diff --git a/usr.bin/paste/paste.c b/usr.bin/paste/paste.c index ee73fbe136d..ef4c62d926b 100644 --- a/usr.bin/paste/paste.c +++ b/usr.bin/paste/paste.c @@ -1,4 +1,4 @@ -/* $OpenBSD: paste.c,v 1.20 2015/10/07 14:12:42 deraadt Exp $ */ +/* $OpenBSD: paste.c,v 1.21 2015/10/09 01:37:08 deraadt Exp $ */ /* * Copyright (c) 1989 The Regents of the University of California. @@ -57,8 +57,8 @@ main(int argc, char *argv[]) extern int optind; int ch, seq; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); seq = 0; while ((ch = getopt(argc, argv, "d:s")) != -1) { diff --git a/usr.bin/patch/patch.c b/usr.bin/patch/patch.c index ad477a2bd1e..0d0c5058484 100644 --- a/usr.bin/patch/patch.c +++ b/usr.bin/patch/patch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: patch.c,v 1.58 2015/10/07 06:29:26 deraadt Exp $ */ +/* $OpenBSD: patch.c,v 1.59 2015/10/09 01:37:08 deraadt Exp $ */ /* * patch - a program to apply diffs to original files @@ -147,8 +147,8 @@ main(int argc, char *argv[]) const char *tmpdir; char *v; - if (tame("stdio rpath wpath cpath tmppath fattr proc exec", NULL) == -1) - perror("tame"); + if (pledge("stdio rpath wpath cpath tmppath fattr proc exec", NULL) == -1) + perror("pledge"); setvbuf(stdout, NULL, _IOLBF, 0); setvbuf(stderr, NULL, _IOLBF, 0); diff --git a/usr.bin/pr/pr.c b/usr.bin/pr/pr.c index a3ab9d8661e..950576e7ead 100644 --- a/usr.bin/pr/pr.c +++ b/usr.bin/pr/pr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pr.c,v 1.37 2015/10/07 06:15:51 deraadt Exp $ */ +/* $OpenBSD: pr.c,v 1.38 2015/10/09 01:37:08 deraadt Exp $ */ /*- * Copyright (c) 1991 Keith Muller. @@ -140,8 +140,8 @@ main(int argc, char *argv[]) { int ret_val; - if (tame("stdio rpath", NULL) == -1) - perror("tame"); + if (pledge("stdio rpath", NULL) == -1) + perror("pledge"); if (signal(SIGINT, SIG_IGN) != SIG_IGN) (void)signal(SIGINT, terminate); diff --git a/usr.bin/printenv/printenv.c b/usr.bin/printenv/printenv.c index a0be932b36d..fc0b225e410 100644 --- a/usr.bin/printenv/printenv.c +++ b/usr.bin/printenv/printenv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: printenv.c,v 1.7 2015/10/07 06:35:19 deraadt Exp $ */ +/* $OpenBSD: printenv.c,v 1.8 2015/10/09 01:37:08 deraadt Exp $ */ /* * Copyright (c) 1987 Regents of the University of California. @@ -48,8 +48,8 @@ main(int argc, char *argv[]) char *cp, **ep; int len; - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); if (argc < 2) { for (ep = environ; *ep; ep++) diff --git a/usr.bin/printf/printf.c b/usr.bin/printf/printf.c index f7883ea969d..73eb5b28cbb 100644 --- a/usr.bin/printf/printf.c +++ b/usr.bin/printf/printf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: printf.c,v 1.23 2015/10/06 23:01:43 deraadt Exp $ */ +/* $OpenBSD: printf.c,v 1.24 2015/10/09 01:37:08 deraadt Exp $ */ /* * Copyright (c) 1989 The Regents of the University of California. @@ -82,8 +82,8 @@ main(int argc, char *argv[]) setlocale (LC_ALL, ""); - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); /* Need to accept/ignore "--" option. */ if (argc > 1 && strcmp(argv[1], "--") == 0) { diff --git a/usr.bin/readlink/readlink.c b/usr.bin/readlink/readlink.c index a5a0445283a..6380b3e0e46 100644 --- a/usr.bin/readlink/readlink.c +++ b/usr.bin/readlink/readlink.c @@ -1,5 +1,5 @@ /* - * $OpenBSD: readlink.c,v 1.26 2015/10/07 14:10:50 deraadt Exp $ + * $OpenBSD: readlink.c,v 1.27 2015/10/09 01:37:08 deraadt Exp $ * * Copyright (c) 1997 * Kenneth Stailey (hereinafter referred to as the author) @@ -44,8 +44,8 @@ main(int argc, char *argv[]) int n, ch, nflag = 0, fflag = 0; extern int optind; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); while ((ch = getopt(argc, argv, "fn")) != -1) switch (ch) { diff --git a/usr.bin/rev/rev.c b/usr.bin/rev/rev.c index c24980b3945..abcfcff1581 100644 --- a/usr.bin/rev/rev.c +++ b/usr.bin/rev/rev.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rev.c,v 1.11 2015/10/07 06:18:00 deraadt Exp $ */ +/* $OpenBSD: rev.c,v 1.12 2015/10/09 01:37:08 deraadt Exp $ */ /* $NetBSD: rev.c,v 1.5 1995/09/28 08:49:40 tls Exp $ */ /*- @@ -49,8 +49,8 @@ main(int argc, char *argv[]) size_t len; int ch, rval; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); while ((ch = getopt(argc, argv, "")) != -1) switch(ch) { diff --git a/usr.bin/rs/rs.c b/usr.bin/rs/rs.c index 90f26aad4ac..7b5da82b1d4 100644 --- a/usr.bin/rs/rs.c +++ b/usr.bin/rs/rs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rs.c,v 1.26 2015/10/06 03:26:31 deraadt Exp $ */ +/* $OpenBSD: rs.c,v 1.27 2015/10/09 01:37:08 deraadt Exp $ */ /*- * Copyright (c) 1993 @@ -93,8 +93,8 @@ void putfile(void); int main(int argc, char *argv[]) { - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); getargs(argc, argv); getfile(); diff --git a/usr.bin/script/script.c b/usr.bin/script/script.c index 1bb97d72809..b05e5ac4ea3 100644 --- a/usr.bin/script/script.c +++ b/usr.bin/script/script.c @@ -1,4 +1,4 @@ -/* $OpenBSD: script.c,v 1.30 2015/10/07 05:08:27 deraadt Exp $ */ +/* $OpenBSD: script.c,v 1.31 2015/10/09 01:37:08 deraadt Exp $ */ /* $NetBSD: script.c,v 1.3 1994/12/21 08:55:43 jtc Exp $ */ /* @@ -165,8 +165,8 @@ main(int argc, char *argv[]) sa.sa_handler = finish; (void)sigaction(SIGCHLD, &sa, NULL); - if (tame("stdio tty", NULL) == -1) - err(1, "tame"); + if (pledge("stdio tty", NULL) == -1) + err(1, "pledge"); (void)fclose(fscript); while (1) { @@ -251,8 +251,8 @@ dooutput(void) sa.sa_handler = SIG_IGN; (void)sigaction(SIGCHLD, &sa, NULL); - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); value.it_interval.tv_sec = 30; value.it_interval.tv_usec = 0; diff --git a/usr.bin/sed/main.c b/usr.bin/sed/main.c index 1e91848914a..50ed1c01a3d 100644 --- a/usr.bin/sed/main.c +++ b/usr.bin/sed/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.25 2015/10/03 00:58:59 deraadt Exp $ */ +/* $OpenBSD: main.c,v 1.26 2015/10/09 01:37:08 deraadt Exp $ */ /*- * Copyright (c) 1992 Diomidis Spinellis. @@ -160,11 +160,11 @@ main(int argc, char *argv[]) termwidth = 60; if (inplace != NULL) { - if (tame("stdio wpath rpath cpath fattr", NULL) == -1) - err(1, "tame"); + if (pledge("stdio wpath rpath cpath fattr", NULL) == -1) + err(1, "pledge"); } else { - if (tame("stdio wpath rpath cpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio wpath rpath cpath", NULL) == -1) + err(1, "pledge"); } /* First usage case; script is the first arg */ diff --git a/usr.bin/signify/signify.c b/usr.bin/signify/signify.c index ec80973a5b0..5a9b20bfe02 100644 --- a/usr.bin/signify/signify.c +++ b/usr.bin/signify/signify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: signify.c,v 1.101 2015/10/08 16:45:50 tedu Exp $ */ +/* $OpenBSD: signify.c,v 1.102 2015/10/09 01:37:08 deraadt Exp $ */ /* * Copyright (c) 2013 Ted Unangst * @@ -663,8 +663,8 @@ main(int argc, char **argv) VERIFY } verb = NONE; - if (tame("stdio rpath wpath cpath tty", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath wpath cpath tty", NULL) == -1) + err(1, "pledge"); rounds = 42; @@ -730,21 +730,21 @@ main(int argc, char **argv) /* keep it all */ break; case CHECK: - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); break; case VERIFY: if (embedded && (!msgfile || strcmp(msgfile, "-") != 0)) { - if (tame("stdio rpath wpath cpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath wpath cpath", NULL) == -1) + err(1, "pledge"); } else { - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); } break; default: - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); break; } diff --git a/usr.bin/split/split.c b/usr.bin/split/split.c index d0306e57629..3183cbce7fa 100644 --- a/usr.bin/split/split.c +++ b/usr.bin/split/split.c @@ -1,4 +1,4 @@ -/* $OpenBSD: split.c,v 1.19 2015/10/07 14:37:11 deraadt Exp $ */ +/* $OpenBSD: split.c,v 1.20 2015/10/09 01:37:08 deraadt Exp $ */ /* $NetBSD: split.c,v 1.5 1995/08/31 22:22:05 jtc Exp $ */ /* @@ -68,8 +68,8 @@ main(int argc, char *argv[]) char *ep, *p; const char *errstr; - if (tame("stdio rpath wpath cpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath wpath cpath", NULL) == -1) + err(1, "pledge"); while ((ch = getopt(argc, argv, "0123456789a:b:l:p:-")) != -1) switch (ch) { diff --git a/usr.bin/ssh/sandbox-pledge.c b/usr.bin/ssh/sandbox-pledge.c new file mode 100644 index 00000000000..592e32ba703 --- /dev/null +++ b/usr.bin/ssh/sandbox-pledge.c @@ -0,0 +1,71 @@ +/* $OpenBSD: sandbox-pledge.c,v 1.1 2015/10/09 01:37:08 deraadt Exp $ */ +/* + * Copyright (c) 2015 Theo de Raadt + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#include "log.h" +#include "ssh-sandbox.h" +#include "xmalloc.h" + +struct ssh_sandbox { + pid_t child_pid; +}; + +struct ssh_sandbox * +ssh_sandbox_init(void) +{ + struct ssh_sandbox *box; + + debug3("%s: preparing pledge sandbox", __func__); + box = xcalloc(1, sizeof(*box)); + box->child_pid = 0; + + return box; +} + +void +ssh_sandbox_child(struct ssh_sandbox *box) +{ + if (pledge("stdio", NULL) == -1) + fatal("%s: pledge()", __func__); +} + +void +ssh_sandbox_parent_finish(struct ssh_sandbox *box) +{ + free(box); + debug3("%s: finished", __func__); +} + +void +ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid) +{ + box->child_pid = child_pid; + /* Nothing to do here */ +} diff --git a/usr.bin/ssh/sandbox-tame.c b/usr.bin/ssh/sandbox-tame.c deleted file mode 100644 index 12c91adea7a..00000000000 --- a/usr.bin/ssh/sandbox-tame.c +++ /dev/null @@ -1,71 +0,0 @@ -/* $OpenBSD: sandbox-tame.c,v 1.2 2015/10/02 15:52:55 deraadt Exp $ */ -/* - * Copyright (c) 2015 Theo de Raadt - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -#include "log.h" -#include "ssh-sandbox.h" -#include "xmalloc.h" - -struct ssh_sandbox { - pid_t child_pid; -}; - -struct ssh_sandbox * -ssh_sandbox_init(void) -{ - struct ssh_sandbox *box; - - debug3("%s: preparing tame sandbox", __func__); - box = xcalloc(1, sizeof(*box)); - box->child_pid = 0; - - return box; -} - -void -ssh_sandbox_child(struct ssh_sandbox *box) -{ - if (tame("stdio", NULL) == -1) - fatal("%s: tame()", __func__); -} - -void -ssh_sandbox_parent_finish(struct ssh_sandbox *box) -{ - free(box); - debug3("%s: finished", __func__); -} - -void -ssh_sandbox_parent_preauth(struct ssh_sandbox *box, pid_t child_pid) -{ - box->child_pid = child_pid; - /* Nothing to do here */ -} diff --git a/usr.bin/ssh/sshd/Makefile b/usr.bin/ssh/sshd/Makefile index 329071193d1..7ab42f6d7ca 100644 --- a/usr.bin/ssh/sshd/Makefile +++ b/usr.bin/ssh/sshd/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.86 2015/10/03 02:37:30 deraadt Exp $ +# $OpenBSD: Makefile,v 1.87 2015/10/09 01:37:08 deraadt Exp $ .PATH: ${.CURDIR}/.. .include "${.CURDIR}/../Makefile.inc" @@ -17,7 +17,7 @@ SRCS= sshd.c auth-rhosts.c auth-passwd.c \ auth2-none.c auth2-passwd.c auth2-pubkey.c \ monitor_mm.c monitor.c monitor_wrap.c \ sftp-server.c sftp-common.c \ - roaming_common.c roaming_serv.c sandbox-tame.c + roaming_common.c roaming_serv.c sandbox-pledge.c .if (${SSH1:L} == "yes") SRCS+= auth-rsa.c auth-rh-rsa.c auth1.c diff --git a/usr.bin/stat/stat.c b/usr.bin/stat/stat.c index 3a3116f4cbe..ee607f47532 100644 --- a/usr.bin/stat/stat.c +++ b/usr.bin/stat/stat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: stat.c,v 1.19 2015/10/06 00:24:20 deraadt Exp $ */ +/* $OpenBSD: stat.c,v 1.20 2015/10/09 01:37:08 deraadt Exp $ */ /* $NetBSD: stat.c,v 1.19 2004/06/20 22:20:16 jmc Exp $ */ /* @@ -158,8 +158,8 @@ main(int argc, char *argv[]) int lsF, fmtchar, usestat, fn, nonl, quiet; char *statfmt, *options, *synopsis; - if (tame("stdio getpw rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio getpw rpath", NULL) == -1) + err(1, "pledge"); lsF = 0; fmtchar = '\0'; diff --git a/usr.bin/tail/tail.c b/usr.bin/tail/tail.c index 41eca1594be..e543e0b9b2f 100644 --- a/usr.bin/tail/tail.c +++ b/usr.bin/tail/tail.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tail.c,v 1.18 2015/10/07 03:49:41 deraadt Exp $ */ +/* $OpenBSD: tail.c,v 1.19 2015/10/09 01:37:09 deraadt Exp $ */ /*- * Copyright (c) 1991, 1993 @@ -61,8 +61,8 @@ main(int argc, char *argv[]) int ch, first; char *p; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); /* * Tail's options are weird. First, -n10 is the same as -n-10, not @@ -174,8 +174,8 @@ main(int argc, char *argv[]) (void)fclose(fp); } else { - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); fname = "stdin"; is_stdin = 1; diff --git a/usr.bin/tee/tee.c b/usr.bin/tee/tee.c index 91bf24cac1e..8da58303ae2 100644 --- a/usr.bin/tee/tee.c +++ b/usr.bin/tee/tee.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tee.c,v 1.9 2015/10/07 14:34:34 deraadt Exp $ */ +/* $OpenBSD: tee.c,v 1.10 2015/10/09 01:37:09 deraadt Exp $ */ /* $NetBSD: tee.c,v 1.5 1994/12/09 01:43:39 jtc Exp $ */ /* @@ -74,8 +74,8 @@ main(int argc, char *argv[]) setlocale(LC_ALL, ""); - if (tame("stdio wpath cpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio wpath cpath", NULL) == -1) + err(1, "pledge"); append = 0; while ((ch = getopt(argc, argv, "ai")) != -1) { @@ -108,8 +108,8 @@ main(int argc, char *argv[]) argv++; } - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); while ((rval = read(STDIN_FILENO, buf, sizeof(buf))) > 0) { for (p = head; p; p = p->next) { diff --git a/usr.bin/tftp/main.c b/usr.bin/tftp/main.c index 152b6617524..37ea7d565f8 100644 --- a/usr.bin/tftp/main.c +++ b/usr.bin/tftp/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.36 2015/10/07 14:36:07 deraadt Exp $ */ +/* $OpenBSD: main.c,v 1.37 2015/10/09 01:37:09 deraadt Exp $ */ /* $NetBSD: main.c,v 1.6 1995/05/21 16:54:10 mycroft Exp $ */ /* @@ -171,8 +171,8 @@ main(int argc, char *argv[]) { f = -1; - if (tame("stdio inet rpath wpath cpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio inet rpath wpath cpath", NULL) == -1) + err(1, "pledge"); /* set default transfer mode */ strlcpy(mode, "netascii", sizeof(mode)); diff --git a/usr.bin/touch/touch.c b/usr.bin/touch/touch.c index d446176dca8..ec4821eac37 100644 --- a/usr.bin/touch/touch.c +++ b/usr.bin/touch/touch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: touch.c,v 1.24 2015/10/06 13:48:34 deraadt Exp $ */ +/* $OpenBSD: touch.c,v 1.25 2015/10/09 01:37:09 deraadt Exp $ */ /* $NetBSD: touch.c,v 1.11 1995/08/31 22:10:06 jtc Exp $ */ /* @@ -60,8 +60,8 @@ main(int argc, char *argv[]) (void)setlocale(LC_ALL, ""); - if (tame("stdio rpath wpath cpath fattr", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath wpath cpath fattr", NULL) == -1) + err(1, "pledge"); aflag = cflag = mflag = timeset = 0; while ((ch = getopt(argc, argv, "acd:fmr:t:")) != -1) diff --git a/usr.bin/tr/tr.c b/usr.bin/tr/tr.c index 767660d57e8..18905a23a79 100644 --- a/usr.bin/tr/tr.c +++ b/usr.bin/tr/tr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tr.c,v 1.18 2015/10/06 13:49:33 deraadt Exp $ */ +/* $OpenBSD: tr.c,v 1.19 2015/10/09 01:37:09 deraadt Exp $ */ /* $NetBSD: tr.c,v 1.5 1995/08/31 22:13:48 jtc Exp $ */ /* @@ -87,8 +87,8 @@ main(int argc, char *argv[]) int ch, cnt, lastch, *p; int cflag, dflag, sflag, isstring2; - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); cflag = dflag = sflag = 0; while ((ch = getopt(argc, argv, "Ccds")) != -1) diff --git a/usr.bin/tty/tty.c b/usr.bin/tty/tty.c index e7c451824e2..bd9c20d3ec9 100644 --- a/usr.bin/tty/tty.c +++ b/usr.bin/tty/tty.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tty.c,v 1.8 2015/10/07 18:00:06 deraadt Exp $ */ +/* $OpenBSD: tty.c,v 1.9 2015/10/09 01:37:09 deraadt Exp $ */ /* $NetBSD: tty.c,v 1.4 1994/12/07 00:46:57 jtc Exp $ */ /* @@ -43,8 +43,8 @@ main(int argc, char *argv[]) int ch, sflag; char *t; - if (tame("stdio rpath tty", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath tty", NULL) == -1) + err(1, "pledge"); sflag = 0; while ((ch = getopt(argc, argv, "s")) != -1) { diff --git a/usr.bin/uname/uname.c b/usr.bin/uname/uname.c index 85ac7dc1186..ad8dcb4a76c 100644 --- a/usr.bin/uname/uname.c +++ b/usr.bin/uname/uname.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uname.c,v 1.15 2015/10/03 12:41:16 deraadt Exp $ */ +/* $OpenBSD: uname.c,v 1.16 2015/10/09 01:37:09 deraadt Exp $ */ /* * Copyright (c) 1994 Winning Strategies, Inc. @@ -59,8 +59,8 @@ main(int argc, char *argv[]) setlocale(LC_ALL, ""); - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); while ((c = getopt(argc, argv, "amnrsvp")) != -1 ) { switch (c) { diff --git a/usr.bin/unifdef/unifdef.c b/usr.bin/unifdef/unifdef.c index 4a08dc2d764..13b871b3917 100644 --- a/usr.bin/unifdef/unifdef.c +++ b/usr.bin/unifdef/unifdef.c @@ -265,8 +265,8 @@ main(int argc, char *argv[]) const char *errstr; int opt; - if (tame("stdio rpath wpath cpath fattr", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath wpath cpath fattr", NULL) == -1) + err(1, "pledge"); while ((opt = getopt(argc, argv, "i:D:U:f:I:M:o:x:bBcdehKklmnsStV")) != -1) switch (opt) { diff --git a/usr.bin/uniq/uniq.c b/usr.bin/uniq/uniq.c index 414be50c3fe..9404c7d738a 100644 --- a/usr.bin/uniq/uniq.c +++ b/usr.bin/uniq/uniq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uniq.c,v 1.21 2015/10/04 04:56:50 deraadt Exp $ */ +/* $OpenBSD: uniq.c,v 1.22 2015/10/09 01:37:09 deraadt Exp $ */ /* $NetBSD: uniq.c,v 1.7 1995/08/31 22:03:48 jtc Exp $ */ /* @@ -61,8 +61,8 @@ main(int argc, char *argv[]) int ch; char *prevline, *thisline; - if (tame("stdio rpath wpath cpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath wpath cpath", NULL) == -1) + err(1, "pledge"); obsolete(argv); while ((ch = getopt(argc, argv, "cdf:s:u")) != -1) { @@ -122,8 +122,8 @@ main(int argc, char *argv[]) usage(); } - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); prevline = malloc(MAXLINELEN); thisline = malloc(MAXLINELEN); diff --git a/usr.bin/units/units.c b/usr.bin/units/units.c index b4b7e6e8049..98af5031fb1 100644 --- a/usr.bin/units/units.c +++ b/usr.bin/units/units.c @@ -1,4 +1,4 @@ -/* $OpenBSD: units.c,v 1.21 2015/10/06 13:29:56 deraadt Exp $ */ +/* $OpenBSD: units.c,v 1.22 2015/10/09 01:37:09 deraadt Exp $ */ /* $NetBSD: units.c,v 1.6 1996/04/06 06:01:03 thorpej Exp $ */ /* @@ -632,8 +632,8 @@ main(int argc, char **argv) extern char *optarg; extern int optind; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); while ((optchar = getopt(argc, argv, "vqf:")) != -1) { switch (optchar) { @@ -664,8 +664,8 @@ main(int argc, char **argv) readunits(userfile); - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); if (argc == 3) { strlcpy(havestr, argv[0], sizeof(havestr)); diff --git a/usr.bin/unvis/unvis.c b/usr.bin/unvis/unvis.c index 924e88c8a90..22566d97512 100644 --- a/usr.bin/unvis/unvis.c +++ b/usr.bin/unvis/unvis.c @@ -1,4 +1,4 @@ -/* $OpenBSD: unvis.c,v 1.13 2015/10/06 22:58:24 deraadt Exp $ */ +/* $OpenBSD: unvis.c,v 1.14 2015/10/09 01:37:09 deraadt Exp $ */ /*- * Copyright (c) 1989, 1993 @@ -43,8 +43,8 @@ main(int argc, char *argv[]) FILE *fp; int ch; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); while ((ch = getopt(argc, argv, "")) != -1) switch(ch) { @@ -66,8 +66,8 @@ main(int argc, char *argv[]) argv++; } else { - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); process(stdin, ""); } diff --git a/usr.bin/users/users.c b/usr.bin/users/users.c index 2847815d174..8a8d13828de 100644 --- a/usr.bin/users/users.c +++ b/usr.bin/users/users.c @@ -1,4 +1,4 @@ -/* $OpenBSD: users.c,v 1.12 2015/10/07 14:35:19 deraadt Exp $ */ +/* $OpenBSD: users.c,v 1.13 2015/10/09 01:37:09 deraadt Exp $ */ /* $NetBSD: users.c,v 1.5 1994/12/20 15:58:19 jtc Exp $ */ /* @@ -53,8 +53,8 @@ main(int argc, char *argv[]) struct utmp utmp; int ch; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); while ((ch = getopt(argc, argv, "")) != -1) switch(ch) { diff --git a/usr.bin/uudecode/uudecode.c b/usr.bin/uudecode/uudecode.c index 355917f3af9..a442fa9cac1 100644 --- a/usr.bin/uudecode/uudecode.c +++ b/usr.bin/uudecode/uudecode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uudecode.c,v 1.21 2015/10/07 06:00:33 deraadt Exp $ */ +/* $OpenBSD: uudecode.c,v 1.22 2015/10/09 01:37:09 deraadt Exp $ */ /* $FreeBSD: uudecode.c,v 1.49 2003/05/03 19:44:46 obrien Exp $ */ /*- @@ -127,11 +127,11 @@ main(int argc, char *argv[]) argv += optind; if (oflag || pflag == 0) { - if (tame("stdio rpath wpath cpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath wpath cpath", NULL) == -1) + err(1, "pledge"); } else { - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); } if (*argv) { diff --git a/usr.bin/uuencode/uuencode.c b/usr.bin/uuencode/uuencode.c index c3dfe3a79c5..f318854fb61 100644 --- a/usr.bin/uuencode/uuencode.c +++ b/usr.bin/uuencode/uuencode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uuencode.c,v 1.12 2015/10/07 06:00:33 deraadt Exp $ */ +/* $OpenBSD: uuencode.c,v 1.13 2015/10/09 01:37:09 deraadt Exp $ */ /* $FreeBSD: uuencode.c,v 1.18 2004/01/22 07:23:35 grehan Exp $ */ /*- @@ -99,11 +99,11 @@ main(int argc, char *argv[]) argc -= optind; if (argc == 2 || outfile) { - if (tame("stdio rpath wpath cpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath wpath cpath", NULL) == -1) + err(1, "pledge"); } else { - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); } switch(argc) { diff --git a/usr.bin/vis/vis.c b/usr.bin/vis/vis.c index 869660d3898..cf5cd8449c1 100644 --- a/usr.bin/vis/vis.c +++ b/usr.bin/vis/vis.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vis.c,v 1.18 2015/10/05 06:59:18 deraadt Exp $ */ +/* $OpenBSD: vis.c,v 1.19 2015/10/09 01:37:09 deraadt Exp $ */ /* $NetBSD: vis.c,v 1.4 1994/12/20 16:13:03 jtc Exp $ */ /*- @@ -55,8 +55,8 @@ main(int argc, char *argv[]) FILE *fp; int ch; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); while ((ch = getopt(argc, argv, "anwctsobfF:ld")) != -1) switch(ch) { @@ -118,8 +118,8 @@ main(int argc, char *argv[]) argv++; } else { - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); process(stdin); } exit(0); diff --git a/usr.bin/wc/wc.c b/usr.bin/wc/wc.c index 8c1104e3bf4..cfeb9e4196d 100644 --- a/usr.bin/wc/wc.c +++ b/usr.bin/wc/wc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: wc.c,v 1.18 2015/10/03 14:39:25 deraadt Exp $ */ +/* $OpenBSD: wc.c,v 1.19 2015/10/09 01:37:09 deraadt Exp $ */ /* * Copyright (c) 1980, 1987, 1991, 1993 @@ -57,8 +57,8 @@ main(int argc, char *argv[]) setlocale(LC_ALL, ""); - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); while ((ch = getopt(argc, argv, "lwchm")) != -1) switch(ch) { diff --git a/usr.bin/what/what.c b/usr.bin/what/what.c index 7442b26288c..d22d67387b0 100644 --- a/usr.bin/what/what.c +++ b/usr.bin/what/what.c @@ -1,4 +1,4 @@ -/* $OpenBSD: what.c,v 1.14 2015/10/06 13:47:08 deraadt Exp $ */ +/* $OpenBSD: what.c,v 1.15 2015/10/09 01:37:09 deraadt Exp $ */ /* $NetBSD: what.c,v 1.4 1994/12/20 16:01:03 jtc Exp $ */ /* @@ -58,8 +58,8 @@ main(int argc, char *argv[]) char match[256]; int c; - if (tame("stdio rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath", NULL) == -1) + err(1, "pledge"); matches = sflag = 0; while ((c = getopt(argc, argv, "s")) != -1) { diff --git a/usr.bin/who/who.c b/usr.bin/who/who.c index 0bf8b179669..b409e541a99 100644 --- a/usr.bin/who/who.c +++ b/usr.bin/who/who.c @@ -1,4 +1,4 @@ -/* $OpenBSD: who.c,v 1.22 2015/10/07 17:27:35 semarie Exp $ */ +/* $OpenBSD: who.c,v 1.23 2015/10/09 01:37:09 deraadt Exp $ */ /* $NetBSD: who.c,v 1.4 1994/12/07 04:28:49 jtc Exp $ */ /* @@ -74,8 +74,8 @@ main(int argc, char *argv[]) setlocale(LC_ALL, ""); - if (tame("stdio getpw rpath tty", NULL) == -1) - err(1, "tame"); + if (pledge("stdio getpw rpath tty", NULL) == -1) + err(1, "pledge"); mytty = ttyname(0); /* strip any directory component */ @@ -290,11 +290,11 @@ file(char *name) /* NOTREACHED */ } if (show_term || show_idle) { - if (tame("stdio getpw rpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio getpw rpath", NULL) == -1) + err(1, "pledge"); } else { - if (tame("stdio getpw", NULL) == -1) - err(1, "tame"); + if (pledge("stdio getpw", NULL) == -1) + err(1, "pledge"); } return(ufp); } diff --git a/usr.bin/whois/whois.c b/usr.bin/whois/whois.c index a88660c757b..342b965e3e0 100644 --- a/usr.bin/whois/whois.c +++ b/usr.bin/whois/whois.c @@ -1,4 +1,4 @@ -/* $OpenBSD: whois.c,v 1.49 2015/10/03 01:33:20 deraadt Exp $ */ +/* $OpenBSD: whois.c,v 1.50 2015/10/09 01:37:09 deraadt Exp $ */ /* * Copyright (c) 1980, 1993 @@ -138,8 +138,8 @@ main(int argc, char *argv[]) if (!argc || (country != NULL && host != NULL)) usage(); - if (tame("stdio dns inet", NULL) == -1) - err(1, "tame"); + if (pledge("stdio dns inet", NULL) == -1) + err(1, "pledge"); if (host == NULL && country == NULL && !(flags & WHOIS_QUICK)) flags |= WHOIS_RECURSE; diff --git a/usr.bin/write/write.c b/usr.bin/write/write.c index d239d27482c..ffbe8a8681f 100644 --- a/usr.bin/write/write.c +++ b/usr.bin/write/write.c @@ -1,4 +1,4 @@ -/* $OpenBSD: write.c,v 1.30 2015/10/06 03:25:02 deraadt Exp $ */ +/* $OpenBSD: write.c,v 1.31 2015/10/09 01:37:09 deraadt Exp $ */ /* $NetBSD: write.c,v 1.5 1995/08/31 21:48:32 jtc Exp $ */ /* @@ -250,8 +250,8 @@ do_write(char *tty, char *mytty, uid_t myuid) * Unfortunately this is rather late - well after utmp * parsing, then pinned by the tty open and setresgid */ - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); (void)signal(SIGINT, done); (void)signal(SIGHUP, done); diff --git a/usr.sbin/acpidump/acpidump.c b/usr.sbin/acpidump/acpidump.c index 3d05c6a82ae..a3248b12cbc 100644 --- a/usr.sbin/acpidump/acpidump.c +++ b/usr.sbin/acpidump/acpidump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: acpidump.c,v 1.14 2015/10/04 08:31:01 jmc Exp $ */ +/* $OpenBSD: acpidump.c,v 1.15 2015/10/09 01:37:09 deraadt Exp $ */ /* * Copyright (c) 2000 Mitsuru IWASAKI * All rights reserved. @@ -533,8 +533,8 @@ asl_dump_from_devmem(void) acpi_user_init(); - if (tame("stdio wpath cpath", NULL) == -1) - err(1, "tame"); + if (pledge("stdio wpath cpath", NULL) == -1) + err(1, "pledge"); rp = acpi_find_rsd_ptr(); if (!rp) diff --git a/usr.sbin/arp/arp.c b/usr.sbin/arp/arp.c index 660cf8699a5..c8bda7faeaf 100644 --- a/usr.sbin/arp/arp.c +++ b/usr.sbin/arp/arp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: arp.c,v 1.67 2015/10/07 20:25:40 deraadt Exp $ */ +/* $OpenBSD: arp.c,v 1.68 2015/10/09 01:37:09 deraadt Exp $ */ /* $NetBSD: arp.c,v 1.12 1995/04/24 13:25:18 cgd Exp $ */ /* @@ -251,8 +251,8 @@ getsocket(void) if (setsockopt(s, PF_ROUTE, ROUTE_TABLEFILTER, &rdomain, len) < 0) err(1, "ROUTE_TABLEFILTER"); - if (tame("stdio dns", NULL) == -1) - err(1, "tame"); + if (pledge("stdio dns", NULL) == -1) + err(1, "pledge"); } struct sockaddr_in so_mask = { 8, 0, 0, { 0xffffffff } }; @@ -469,8 +469,8 @@ search(in_addr_t addr, void (*action)(struct sockaddr_dl *sdl, struct sockaddr_inarp *sin; struct sockaddr_dl *sdl; - if (tame("stdio dns route", NULL) == -1) - err(1, "tame"); + if (pledge("stdio dns route", NULL) == -1) + err(1, "pledge"); mib[0] = CTL_NET; mib[1] = PF_ROUTE; diff --git a/usr.sbin/bgpd/rde.c b/usr.sbin/bgpd/rde.c index 4d83e62cfeb..99877446a73 100644 --- a/usr.sbin/bgpd/rde.c +++ b/usr.sbin/bgpd/rde.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rde.c,v 1.340 2015/10/07 20:26:16 deraadt Exp $ */ +/* $OpenBSD: rde.c,v 1.341 2015/10/09 01:37:09 deraadt Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer @@ -187,8 +187,8 @@ rde_main(int debug, int verbose) setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) fatal("can't drop privileges"); - if (tame("stdio unix route recvfd", NULL) == -1) - fatal("tame"); + if (pledge("stdio unix route recvfd", NULL) == -1) + fatal("pledge"); signal(SIGTERM, rde_sighdlr); signal(SIGINT, rde_sighdlr); diff --git a/usr.sbin/bgpd/session.c b/usr.sbin/bgpd/session.c index 8b9667ed0ba..ff6f4623aae 100644 --- a/usr.sbin/bgpd/session.c +++ b/usr.sbin/bgpd/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.343 2015/10/07 20:25:22 deraadt Exp $ */ +/* $OpenBSD: session.c,v 1.344 2015/10/09 01:37:09 deraadt Exp $ */ /* * Copyright (c) 2003, 2004, 2005 Henning Brauer @@ -219,8 +219,8 @@ session_main(int debug, int verbose) setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) fatal("can't drop privileges"); - if (tame("stdio inet recvfd", NULL) == -1) - fatal("tame"); + if (pledge("stdio inet recvfd", NULL) == -1) + fatal("pledge"); signal(SIGTERM, session_sighdlr); signal(SIGINT, session_sighdlr); diff --git a/usr.sbin/ntpd/ntp_dns.c b/usr.sbin/ntpd/ntp_dns.c index eadb0b45869..6046ba7be18 100644 --- a/usr.sbin/ntpd/ntp_dns.c +++ b/usr.sbin/ntpd/ntp_dns.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ntp_dns.c,v 1.11 2015/10/03 02:48:54 deraadt Exp $ */ +/* $OpenBSD: ntp_dns.c,v 1.12 2015/10/09 01:37:09 deraadt Exp $ */ /* * Copyright (c) 2003-2008 Henning Brauer @@ -90,8 +90,8 @@ ntp_dns(int pipe_ntp[2], struct ntpd_conf *nconf, struct passwd *pw) fatal(NULL); imsg_init(ibuf_dns, pipe_ntp[1]); - if (tame("dns rw", NULL) == -1) - err(1, "tame"); + if (pledge("dns rw", NULL) == -1) + err(1, "pledge"); while (quit_dns == 0) { pfd[0].fd = ibuf_dns->fd; diff --git a/usr.sbin/ntpd/ntpd.c b/usr.sbin/ntpd/ntpd.c index b5fe4e025fb..6622de2b1fc 100644 --- a/usr.sbin/ntpd/ntpd.c +++ b/usr.sbin/ntpd/ntpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ntpd.c,v 1.95 2015/10/03 02:47:15 deraadt Exp $ */ +/* $OpenBSD: ntpd.c,v 1.96 2015/10/09 01:37:09 deraadt Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer @@ -565,8 +565,8 @@ ctl_main(int argc, char *argv[]) if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1) err(1, "connect: %s", sockname); - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); if ((ibuf_ctl = malloc(sizeof(struct imsgbuf))) == NULL) err(1, NULL); diff --git a/usr.sbin/portmap/portmap.c b/usr.sbin/portmap/portmap.c index 4259e357668..0481dcb20d8 100644 --- a/usr.sbin/portmap/portmap.c +++ b/usr.sbin/portmap/portmap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: portmap.c,v 1.46 2015/10/08 14:02:09 deraadt Exp $ */ +/* $OpenBSD: portmap.c,v 1.47 2015/10/09 01:37:09 deraadt Exp $ */ /*- * Copyright (c) 1996, 1997 Theo de Raadt (OpenBSD). All rights reserved. @@ -246,8 +246,8 @@ main(int argc, char *argv[]) } endpwent(); - if (tame("stdio rpath inet proc", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath inet proc", NULL) == -1) + err(1, "pledge"); if (svc_register(xprt, PMAPPROG, PMAPVERS, reg_service, FALSE) == 0) { syslog(LOG_ERR, "svc_register failed."); @@ -608,8 +608,8 @@ callit(struct svc_req *rqstp, SVCXPRT *xprt) return; } - if (tame("stdio rpath inet", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath inet", NULL) == -1) + err(1, "pledge"); port = pml->pml_map.pm_port; get_myaddress(&me); diff --git a/usr.sbin/tcpdump/privsep.c b/usr.sbin/tcpdump/privsep.c index c57053e68ef..5c780990433 100644 --- a/usr.sbin/tcpdump/privsep.c +++ b/usr.sbin/tcpdump/privsep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: privsep.c,v 1.37 2015/10/06 15:39:44 deraadt Exp $ */ +/* $OpenBSD: privsep.c,v 1.38 2015/10/09 01:37:09 deraadt Exp $ */ /* * Copyright (c) 2003 Can Erkin Acar @@ -281,8 +281,8 @@ priv_init(int argc, char **argv) case PRIV_INIT_DONE: test_state(cmd, STATE_RUN); impl_init_done(socks[0], &bpfd); - if (tame("stdio rpath inet unix ioctl dns recvfd", NULL) == -1) - err(1, "tame"); + if (pledge("stdio rpath inet unix ioctl dns recvfd", NULL) == -1) + err(1, "pledge"); break; case PRIV_GETHOSTBYADDR: test_state(cmd, STATE_RUN); diff --git a/usr.sbin/tcpdump/tcpdump.c b/usr.sbin/tcpdump/tcpdump.c index d32f0a25e1c..98d729b1cd1 100644 --- a/usr.sbin/tcpdump/tcpdump.c +++ b/usr.sbin/tcpdump/tcpdump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcpdump.c,v 1.73 2015/10/03 00:51:08 deraadt Exp $ */ +/* $OpenBSD: tcpdump.c,v 1.74 2015/10/09 01:37:09 deraadt Exp $ */ /* * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997 @@ -490,8 +490,8 @@ main(int argc, char **argv) if (tflag > 0) thiszone = gmt2local(0); - if (tame("stdio", NULL) == -1) - err(1, "tame"); + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); if (pcap_loop(pd, cnt, printer, pcap_userdata) < 0) { (void)fprintf(stderr, "%s: pcap_loop: %s\n", diff --git a/usr.sbin/traceroute/traceroute.c b/usr.sbin/traceroute/traceroute.c index b25984e8bf8..0b8abfd444c 100644 --- a/usr.sbin/traceroute/traceroute.c +++ b/usr.sbin/traceroute/traceroute.c @@ -1,4 +1,4 @@ -/* $OpenBSD: traceroute.c,v 1.142 2015/10/03 02:22:38 deraadt Exp $ */ +/* $OpenBSD: traceroute.c,v 1.143 2015/10/09 01:37:10 deraadt Exp $ */ /* $NetBSD: traceroute.c,v 1.10 1995/05/21 15:50:45 mycroft Exp $ */ /* @@ -845,11 +845,11 @@ main(int argc, char *argv[]) err(6, "SO_SNDBUF"); if (nflag) { - if (tame("stdio inet", NULL) == -1) - err(1, "tame"); + if (pledge("stdio inet", NULL) == -1) + err(1, "pledge"); } else { - if (tame("stdio inet dns", NULL) == -1) - err(1, "tame"); + if (pledge("stdio inet dns", NULL) == -1) + err(1, "pledge"); } if (getnameinfo(to, to->sa_len, hbuf, -- cgit v1.2.3-59-g8ed1b