diff options
| author | mestre <mestre@cvs.openbsd.org> | 2015-12-30 12:27:19 +0000 |
|---|---|---|
| committer | mestre <mestre@cvs.openbsd.org> | 2015-12-30 12:27:19 +0000 |
| commit | 40c872ba8b50d97cd89d6e637a95cf1895ccbdce (patch) | |
| tree | 49a71cdea1fdb31dd1dde33ef0ed4073340e67aa | |
| parent | e69a3c5d320cda72d4121ed5dd5fd91013fe7441 (diff) | |
pledge(2) tokenadm(8): it needs "rpath wpath cpath fattr flock" for operations
on the DB files and before that it also needs "getpw" due to calling getgrnam(3)
to get the group (TOKEN_GROUP).
This was OK bluhm@ and also with a slightly tweak sugested from him
| -rw-r--r-- | usr.sbin/tokenadm/tokenadm.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/usr.sbin/tokenadm/tokenadm.c b/usr.sbin/tokenadm/tokenadm.c index 6bdde8f9bab..b9ce29e0758 100644 --- a/usr.sbin/tokenadm/tokenadm.c +++ b/usr.sbin/tokenadm/tokenadm.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tokenadm.c,v 1.10 2015/01/16 06:40:22 deraadt Exp $ */ +/* $OpenBSD: tokenadm.c,v 1.11 2015/12/30 12:27:18 mestre Exp $ */ /*- * Copyright (c) 1995 Migration Associates Corp. All Rights Reserved @@ -103,6 +103,9 @@ main(int argc, char **argv) if (setrlimit(RLIMIT_CORE, &cds) < 0) syslog(LOG_ERR, "couldn't set core dump size to 0: %m"); + if (pledge("stdio rpath wpath cpath fattr flock getpw", NULL) == -1) + err(1, "pledge"); + while ((c = getopt(argc, argv, "BDERT1dem:r")) != -1) switch (c) { case 'B': |