diff options
Diffstat (limited to 'usr.bin/doas/doas.c')
| -rw-r--r-- | usr.bin/doas/doas.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c index 12ccf25c970..ff3a59c881d 100644 --- a/usr.bin/doas/doas.c +++ b/usr.bin/doas/doas.c @@ -1,4 +1,4 @@ -/* $OpenBSD: doas.c,v 1.86 2021/01/16 09:18:41 martijn Exp $ */ +/* $OpenBSD: doas.c,v 1.87 2021/01/20 07:30:51 kn Exp $ */ /* * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org> * @@ -206,11 +206,15 @@ authuser(char *myname, char *login_style, int persist) auth_session_t *as; int fd = -1; - if (persist) + if (persist) { fd = open("/dev/tty", O_RDWR); - if (fd != -1) { - if (ioctl(fd, TIOCCHKVERAUTH) == 0) - goto good; + if (fd != -1) { + if (ioctl(fd, TIOCCHKVERAUTH) == 0) + goto good; + } + } else { + if (pledge("stdio rpath getpw exec id unveil", NULL) == -1) + err(1, "pledge"); } if (!(as = auth_userchallenge(myname, login_style, "auth-doas", |