Also apply stricter pledge when secure mode is set via rc file or command.

Pointed out by jesper <at> ifconfig <dot> se

OK brynet@

2 files changed, 16 insertions, 3 deletions

diff --git a/usr.bin/vi/common/options.c b/usr.bin/vi/common/options.c
index abe1b379c15..6e11150b62c 100644
--- a/usr.bin/vi/common/options.c
+++ b/usr.bin/vi/common/options.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: options.c,v 1.26 2017/07/31 19:45:49 martijn Exp $	*/
+/*	$OpenBSD: options.c,v 1.27 2019/05/21 09:24:58 martijn Exp $	*/
 
 /*-
  * Copyright (c) 1991, 1993, 1994
@@ -136,7 +136,7 @@ OPTLIST const optlist[] = {
 /* O_SECTIONS	    4BSD */
 	{"sections",	f_section,	OPT_STR,	0},
 /* O_SECURE	  4.4BSD */
-	{"secure",	NULL,		OPT_0BOOL,	OPT_NOUNSET},
+	{"secure",	f_secure,	OPT_0BOOL,	OPT_NOUNSET},
 /* O_SHELL	    4BSD */
 	{"shell",	NULL,		OPT_STR,	0},
 /* O_SHELLMETA	  4.4BSD */
diff --git a/usr.bin/vi/common/options_f.c b/usr.bin/vi/common/options_f.c
index 6d10b265ee9..94aaddeeb2b 100644
--- a/usr.bin/vi/common/options_f.c
+++ b/usr.bin/vi/common/options_f.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: options_f.c,v 1.12 2017/07/03 07:01:14 bentley Exp $	*/
+/*	$OpenBSD: options_f.c,v 1.13 2019/05/21 09:24:58 martijn Exp $	*/
 
 /*-
  * Copyright (c) 1993, 1994
@@ -207,6 +207,19 @@ f_section(SCR *sp, OPTION *op, char *str, u_long *valp)
 }
 
 /*
+ * PUBLIC: int f_secure(SCR *, OPTION *, char *, u_long *)
+ */
+int
+f_secure(SCR *sp, OPTION *op, char *str, u_long *valp)
+{
+	if (pledge("stdio rpath wpath cpath fattr flock getpw tty", NULL) == -1) {
+		msgq(sp, M_ERR, "pledge failed");
+		return (1);
+	}
+	return (0);
+}
+
+/*
  * PUBLIC: int f_ttywerase(SCR *, OPTION *, char *, u_long *);
  */
 int