diff options
Diffstat (limited to 'usr.bin/signify')
| -rw-r--r-- | usr.bin/signify/signify.c | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/usr.bin/signify/signify.c b/usr.bin/signify/signify.c index 06d28dae022..ec80973a5b0 100644 --- a/usr.bin/signify/signify.c +++ b/usr.bin/signify/signify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: signify.c,v 1.100 2015/01/16 06:16:12 tedu Exp $ */ +/* $OpenBSD: signify.c,v 1.101 2015/10/08 16:45:50 tedu Exp $ */ /* * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org> * @@ -663,6 +663,8 @@ main(int argc, char **argv) VERIFY } verb = NONE; + if (tame("stdio rpath wpath cpath tty", NULL) == -1) + err(1, "tame"); rounds = 42; @@ -722,6 +724,30 @@ main(int argc, char **argv) argc -= optind; argv += optind; + switch (verb) { + case GENERATE: + case SIGN: + /* keep it all */ + break; + case CHECK: + if (tame("stdio rpath", NULL) == -1) + err(1, "tame"); + break; + case VERIFY: + if (embedded && (!msgfile || strcmp(msgfile, "-") != 0)) { + if (tame("stdio rpath wpath cpath", NULL) == -1) + err(1, "tame"); + } else { + if (tame("stdio rpath", NULL) == -1) + err(1, "tame"); + } + break; + default: + if (tame("stdio", NULL) == -1) + err(1, "tame"); + break; + } + #ifndef VERIFYONLY if (verb == CHECK) { if (!sigfile) |