summaryrefslogtreecommitdiff
path: root/usr.bin/passwd/local_passwd.c
diff options
context:
space:
mode:
Diffstat (limited to 'usr.bin/passwd/local_passwd.c')
-rw-r--r--usr.bin/passwd/local_passwd.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/usr.bin/passwd/local_passwd.c b/usr.bin/passwd/local_passwd.c
index 02b173e41e5..2c9f4b69c58 100644
--- a/usr.bin/passwd/local_passwd.c
+++ b/usr.bin/passwd/local_passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: local_passwd.c,v 1.45 2015/10/25 08:39:26 ajacoutot Exp $ */
+/* $OpenBSD: local_passwd.c,v 1.46 2015/11/26 19:01:47 deraadt Exp $ */
/*-
* Copyright (c) 1990 The Regents of the University of California.
@@ -66,13 +66,13 @@ local_passwd(char *uname, int authenticated)
int pwflags = _PASSWORD_OMITV7;
if (!(pw = getpwnam(uname))) {
-#ifdef YP
- extern int use_yp;
- if (!use_yp)
-#endif
warnx("unknown user %s.", uname);
return(1);
}
+
+ if (pledge("stdio rpath wpath cpath getpw tty id proc exec", NULL) == -1)
+ err(1, "pledge");
+
if ((opw = pw_dup(pw)) == NULL) {
warn(NULL);
return(1);
@@ -93,6 +93,9 @@ local_passwd(char *uname, int authenticated)
/* Get the new password. */
pw->pw_passwd = getnewpasswd(pw, lc, authenticated);
+ if (pledge("stdio rpath wpath cpath getpw id proc exec", NULL) == -1)
+ err(1, "pledge");
+
/* Reset password change time based on login.conf. */
period = (time_t)login_getcaptime(lc, "passwordtime",
(quad_t)0, (quad_t)0);
@@ -115,6 +118,9 @@ local_passwd(char *uname, int authenticated)
sigdelset(&fullset, SIGINT);
sigprocmask(SIG_BLOCK, &fullset, NULL);
+ if (pledge("stdio rpath wpath cpath proc exec", NULL) == -1)
+ err(1, "pledge");
+
/* Get a lock on the passwd file and open it. */
pw_init();
for (i = 1; (tfd = pw_lock(0)) == -1; i++) {
@@ -155,7 +161,7 @@ getnewpasswd(struct passwd *pw, login_cap_t *lc, int authenticated)
savequit = signal(SIGQUIT, kbintr);
if (!authenticated) {
- (void)printf("Changing local password for %s.\n", pw->pw_name);
+ (void)printf("Changing password for %s.\n", pw->pw_name);
if (uid != 0 && pw->pw_passwd[0] != '\0') {
p = getpass("Old password:");
if (p == NULL || *p == '\0') {