Call pledge(2) in fc-cache(1): "stdio rpath wpath cpath flock".

ok deraadt@
2025-12-08 18:28:43 +00:00 · 2025-05-23 10:30:39 +00:00
parent fe9c23177e
commit 40f45b02de
1 changed files with 5 additions and 0 deletions
--- a/dist/fontconfig/fc-cache/fc-cache.c
+++ b/dist/fontconfig/fc-cache/fc-cache.c
@@ -39,6 +39,7 @@
 #endif
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <err.h>
 #include <errno.h>
 #include <fcntl.h>
 #ifdef HAVE_DIRENT_H
@@ -378,6 +379,10 @@ main (int argc, char **argv)
 	}
 	systemOnly = FcTrue;
    }
+
+    if (pledge("stdio rpath wpath cpath flock", NULL) == -1)
+        err(1, "pledge");
+
    if (systemOnly)
 	FcConfigEnableHome (FcFalse);
    if (sysroot)