Pledge for ftp(1) in non-interactive mode.

We will iterate and remove some of the pledges in the future.  This is
conservative for now.

Tested by sthen@ and myself.
ok deraadt@

1 files changed, 23 insertions, 1 deletions

diff --git a/usr.bin/ftp/main.c b/usr.bin/ftp/main.c
index 3b1bc010574..6b7dc346fd1 100644
--- a/usr.bin/ftp/main.c
+++ b/usr.bin/ftp/main.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: main.c,v 1.102 2015/02/22 15:09:54 jsing Exp $	*/
+/*	$OpenBSD: main.c,v 1.103 2015/10/16 05:35:19 doug Exp $	*/
 /*	$NetBSD: main.c,v 1.24 1997/08/18 10:20:26 lukem Exp $	*/
 
 /*
@@ -442,6 +442,28 @@ main(volatile int argc, char *argv[])
 
 	if (argc > 0) {
 		if (isurl(argv[0])) {
+			if (pipeout) {
+#ifndef SMALL
+				if (pledge("stdio rpath tty inet fattr",
+				    NULL) == -1)
+					err(1, "pledge");
+#else
+				if (pledge("stdio rpath tty inet proc exec fattr",
+				    NULL) == -1)
+					err(1, "pledge");
+#endif
+			} else {
+#ifndef SMALL
+				if (pledge("stdio rpath wpath cpath tty inet fattr",
+				    NULL) == -1)
+					err(1, "pledge");
+#else
+				if (pledge("stdio rpath wpath cpath tty inet proc exec fattr",
+				    NULL) == -1)
+					err(1, "pledge");
+#endif
+			}
+
 			rval = auto_fetch(argc, argv, outfile);
 			if (rval >= 0)		/* -1 == connected and cd-ed */
 				exit(rval);