diff options
author | Job Snijders <job@cvs.openbsd.org> | 2021-09-01 16:04:41 +0000 |
---|---|---|
committer | Job Snijders <job@cvs.openbsd.org> | 2021-09-01 16:04:41 +0000 |
commit | 265defbeebe192abb73097656541af27a1342b4e (patch) | |
tree | 01b9a2e4756e0e154338aa160730b3c13fe6ef38 | |
parent | 2491a569766ec8e2f2e5715601bc51dc1f28e554 (diff) |
pledge() timeout
Feedback from deraadt@
-rw-r--r-- | usr.bin/timeout/timeout.c | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/usr.bin/timeout/timeout.c b/usr.bin/timeout/timeout.c index d2b1459aab7..6ad14e81d1b 100644 --- a/usr.bin/timeout/timeout.c +++ b/usr.bin/timeout/timeout.c @@ -193,11 +193,6 @@ main(int argc, char **argv) SIGQUIT, }; - foreground = preserve = 0; - second_kill = 0; - cpid = -1; - pgid = -1; - const struct option longopts[] = { { "preserve-status", no_argument, &preserve, 1 }, { "foreground", no_argument, &foreground, 1 }, @@ -207,6 +202,14 @@ main(int argc, char **argv) { NULL, 0, NULL, 0 } }; + if (pledge("stdio proc exec", NULL) == -1) + err(1, "pledge"); + + foreground = preserve = 0; + second_kill = 0; + cpid = -1; + pgid = -1; + while ((ch = getopt_long(argc, argv, "+k:s:h", longopts, NULL)) != -1) { switch (ch) { case 'k': @@ -276,6 +279,9 @@ main(int argc, char **argv) err(1, "exec()"); } + if (pledge("stdio", NULL) == -1) + err(1, "pledge"); + if (sigprocmask(SIG_BLOCK, &signals.sa_mask, NULL) == -1) err(1, "sigprocmask()"); |