script is two processes. the main io-loop process can be locked down with

tame "stdio" since all it does is move data back and forth, while the master
process needs "stdio ioctl" to use TCSAFLUSH at the very end.  TCSAFLUSH is
included in the kernel's rather restrictive ioctl feature lists made
available with the "ioctl" ability.

1 files changed, 7 insertions, 1 deletions

diff --git a/usr.bin/script/script.c b/usr.bin/script/script.c
index 102141a0001..10d57b84548 100644
--- a/usr.bin/script/script.c
+++ b/usr.bin/script/script.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: script.c,v 1.27 2015/07/19 06:12:06 deraadt Exp $	*/
+/*	$OpenBSD: script.c,v 1.28 2015/10/03 02:14:51 deraadt Exp $	*/
 /*	$NetBSD: script.c,v 1.3 1994/12/21 08:55:43 jtc Exp $	*/
 
 /*
@@ -165,6 +165,9 @@ main(int argc, char *argv[])
 	sa.sa_handler = finish;
 	(void)sigaction(SIGCHLD, &sa, NULL);
 
+	if (tame("stdio ioctl", NULL) == -1)
+		err(1, "tame");
+
 	(void)fclose(fscript);
 	while (1) {
 		if (dead)
@@ -248,6 +251,9 @@ dooutput(void)
 	sa.sa_handler = SIG_IGN;
 	(void)sigaction(SIGCHLD, &sa, NULL);
 
+	if (tame("stdio", NULL) != 0)
+		err(1, "tame");
+
 	value.it_interval.tv_sec = 30;
 	value.it_interval.tv_usec = 0;
 	value.it_value = value.it_interval;