From fe266b8dbb140fb7855a7f892731e868a51d6828 Mon Sep 17 00:00:00 2001
From: bluhm
Date: Tue, 22 Mar 2016 00:06:55 +0000
Subject: tokenadm(8) is already pledged, do the same for tokeninit(8).
- bring comment in both programms in line
- tokeninit(8) needs "tty" for readpassphrase(3)
- call token_init() after pledge(2)
- fix whitespace
OK millert@
---
 usr.sbin/tokeninit/tokeninit.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
(limited to 'usr.sbin/tokeninit')
diff --git a/usr.sbin/tokeninit/tokeninit.c b/usr.sbin/tokeninit/tokeninit.c
index e9b34482802..a40ab28bb59 100644
--- a/usr.sbin/tokeninit/tokeninit.c
+++ b/usr.sbin/tokeninit/tokeninit.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tokeninit.c,v 1.11 2016/02/12 00:10:59 mmcc Exp $ */
+/* $OpenBSD: tokeninit.c,v 1.12 2016/03/22 00:06:55 bluhm Exp $ */
 /*-
 * Copyright (c) 1995 Migration Associates Corp. All Rights Reserved
@@ -75,11 +75,19 @@ main(int argc, char **argv)
 openlog(NULL, LOG_ODELAY, LOG_AUTH);
+ /*
+ * Make sure we never dump core as we might have a
+ * valid user shared-secret in memory.
+ */
+
 cds.rlim_cur = 0;
 cds.rlim_max = 0;
 if (setrlimit(RLIMIT_CORE, &cds) < 0)
 syslog(LOG_ERR, "couldn't set core dump size to 0: %m");
+ if (pledge("stdio rpath wpath cpath fattr flock getpw tty", NULL) == -1)
+ err(1, "pledge");
+
 if (token_init(argv[0]) < 0) {
 syslog(LOG_ERR, "unknown token type");
 errx(1, "unknown token type");
@@ -90,7 +98,7 @@ main(int argc, char **argv)
 else
 optstr = "fm:sv";
- while ((c = getopt(argc, argv, optstr)) != -1)
+ while ((c = getopt(argc, argv, optstr)) != -1)
 switch (c) {
 case 'f': /* force initialize existing user account */
 cmd |= TOKEN_FORCEINIT;
--
cgit v1.2.3-59-g8ed1b
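Review bot: The comment added above `cds.rlim_cur = 0;` says the program never dumps core, but the `setrlimit(RLIMIT_CORE, &cds)` failure branch directly below it only logs through syslog() and carries on, so a process holding a user shared-secret could still be core-dumpable when that call fails. Either make the branch fatal, for example by bracing it and adding `errx(1, "couldn't set core dump size to 0");` after the syslog() call, or reword the comment to say the limit is best effort. Separately, the reason for each pledge promise is recorded only in the commit message; a short comment over the `pledge(...)` call, e.g. `/* "tty" is for readpassphrase(3) */` plus a word on what the file-related promises are for, would keep later edits from widening or narrowing the set blindly. main() starts and ends outside this hunk, so whether the promise set could be reduced after option parsing cannot be judged from the lines shown.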