tmux can call pledge() in main with large set and then reduce it

slightly in the server to "stdio rpath wpath cpath fattr unix recvfd
proc exec tty ps".

2 files changed, 11 insertions, 2 deletions

diff --git a/usr.bin/tmux/server.c b/usr.bin/tmux/server.c
index b8c892c95ae..741b7ed0b72 100644
--- a/usr.bin/tmux/server.c
+++ b/usr.bin/tmux/server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: server.c,v 1.142 2015/10/22 10:48:30 nicm Exp $ */
+/* $OpenBSD: server.c,v 1.143 2015/10/23 16:07:29 nicm Exp $ */
 
 /*
  * Copyright (c) 2007 Nicholas Marriott <nicm@users.sourceforge.net>
@@ -178,6 +178,10 @@ server_start(struct event_base *base, int lockfd, char *lockfile)
 	}
 	close(pair[0]);
 
+	if (pledge("stdio rpath wpath cpath fattr unix recvfd proc exec tty "
+	    "ps", NULL) != 0)
+		fatal("pledge failed");
+
 	/*
 	 * Must daemonise before loading configuration as the PID changes so
 	 * $TMUX would be wrong for sessions created in the config file.
diff --git a/usr.bin/tmux/tmux.c b/usr.bin/tmux/tmux.c
index 91d28dab528..11fde3a0a91 100644
--- a/usr.bin/tmux/tmux.c
+++ b/usr.bin/tmux/tmux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tmux.c,v 1.144 2015/09/14 12:12:24 nicm Exp $ */
+/* $OpenBSD: tmux.c,v 1.145 2015/10/23 16:07:29 nicm Exp $ */
 
 /*
  * Copyright (c) 2007 Nicholas Marriott <nicm@users.sourceforge.net>
@@ -19,6 +19,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 
+#include <err.h>
 #include <errno.h>
 #include <event.h>
 #include <fcntl.h>
@@ -254,6 +255,10 @@ main(int argc, char **argv)
 	if (shell_cmd != NULL && argc != 0)
 		usage();
 
+	if (pledge("stdio rpath wpath cpath flock fattr unix sendfd recvfd "
+	    "proc exec tty ps", NULL) != 0)
+		err(1, "pledge");
+
 	if (!(flags & CLIENT_UTF8)) {
 		/*
 		 * If the user has set whichever of LC_ALL, LC_CTYPE or LANG