Pledge; OK millert@

2 files changed, 13 insertions, 2 deletions

diff --git a/usr.bin/skeyaudit/skeyaudit.c b/usr.bin/skeyaudit/skeyaudit.c
index 381c271b6dc..335382d8292 100644
--- a/usr.bin/skeyaudit/skeyaudit.c
+++ b/usr.bin/skeyaudit/skeyaudit.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: skeyaudit.c,v 1.25 2015/01/16 06:40:11 deraadt Exp $	*/
+/*	$OpenBSD: skeyaudit.c,v 1.26 2015/11/01 14:02:37 tim Exp $	*/
 
 /*
  * Copyright (c) 1997, 2000, 2003 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -47,6 +47,9 @@ main(int argc, char **argv)
 	char *name;
 	int ch, left, aflag, iflag, limit;
 
+	if (pledge("stdio rpath wpath flock getpw proc exec id", NULL) == -1)
+		err(1, "pledge");
+
 	aflag = iflag = 0;
 	limit = 12;
 	while ((ch = getopt(argc, argv, "ail:")) != -1)
@@ -72,6 +75,11 @@ main(int argc, char **argv)
 			usage();
 	}
 
+	if (iflag) {
+		if (pledge("stdio rpath wpath flock getpw", NULL) == -1)
+			err(1, "pledge");
+	}
+
 	/*
 	 * Make sure STDIN_FILENO, STDOUT_FILENO, and STDERR_FILENO are open.
 	 * If not, open /dev/null in their place or bail.
diff --git a/usr.bin/skeyinfo/skeyinfo.c b/usr.bin/skeyinfo/skeyinfo.c
index bf3cdc63dc6..514fe21dc66 100644
--- a/usr.bin/skeyinfo/skeyinfo.c
+++ b/usr.bin/skeyinfo/skeyinfo.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: skeyinfo.c,v 1.14 2003/06/17 21:56:26 millert Exp $	*/
+/*	$OpenBSD: skeyinfo.c,v 1.15 2015/11/01 14:02:37 tim Exp $	*/
 
 /*
  * Copyright (c) 1997, 2001, 2002 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -42,6 +42,9 @@ main(int argc, char **argv)
 	char *name = NULL;
 	int error, ch, verbose = 0;
 
+	if (pledge("stdio rpath wpath flock getpw", NULL) == -1)
+		err(1, "pledge");
+
 	while ((ch = getopt(argc, argv, "v")) != -1)
 		switch(ch) {
 		case 'v':