From 083d4b5c5a9247d2db2315cdf15b28b0e6fac6a2 Mon Sep 17 00:00:00 2001 From: mestre Date: Sat, 30 Nov 2019 14:01:45 +0000 Subject: [PATCH] After fork(2) the pledge(2) in the parent proc can be reduced to "stdio rpath sendfd" so that it can call {l,}stat/open and sendfd for imsg_* in order to send fds to the child proc which is already pledged by recvfd to receive them OK brynet@ deraadt@ --- usr.bin/file/file.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/usr.bin/file/file.c b/usr.bin/file/file.c index a0eb5a267ba..3183adb484d 100644 --- a/usr.bin/file/file.c +++ b/usr.bin/file/file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: file.c,v 1.68 2019/02/05 02:17:32 deraadt Exp $ */ +/* $OpenBSD: file.c,v 1.69 2019/11/30 14:01:45 mestre Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott @@ -207,6 +207,9 @@ main(int argc, char **argv) } close(pair[1]); + if (pledge("stdio rpath sendfd", NULL) == -1) + err(1, "pledge"); + fclose(magicfp); magicfp = NULL;