From 7bec96735af63fb239165864ca0358e3ba16dc0e Mon Sep 17 00:00:00 2001
From: Theo de Raadt <deraadt@cvs.openbsd.org>
Date: Sat, 3 Oct 2015 03:28:36 +0000
Subject: right at startup, this can tame "stdio cpath rpath wpath".  after
 getopt -h has handled write/creating a file, we can drop to tame "stdio
 rpath" since md5 will only read files after that. i believe i involved lteo
 for this.

---
 bin/md5/md5.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'bin/md5')

diff --git a/bin/md5/md5.c b/bin/md5/md5.c
index c039b6053de..63751cb1e18 100644
--- a/bin/md5/md5.c
+++ b/bin/md5/md5.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: md5.c,v 1.79 2015/01/19 16:43:28 deraadt Exp $	*/
+/*	$OpenBSD: md5.c,v 1.80 2015/10/03 03:28:35 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2001,2003,2005-2007,2010,2013,2014
@@ -200,6 +200,9 @@ main(int argc, char **argv)
 	int fl, error, base64, i;
 	int bflag, cflag, pflag, rflag, tflag, xflag;
 
+	if (tame("stdio cpath rpath wpath", NULL) == -1)
+		err(1, "tame");
+
 	TAILQ_INIT(&hl);
 	input_string = NULL;
 	selective_checklist = NULL;
@@ -311,6 +314,9 @@ main(int argc, char **argv)
 	if (ofile == NULL)
 		ofile = stdout;
 
+	if (tame("stdio rpath", NULL) != 0)
+		err(1, "tame");
+
 	/* Most arguments are mutually exclusive */
 	fl = pflag + (tflag ? 1 : 0) + xflag + cflag + (input_string != NULL);
 	if (fl > 1 || (fl && argc && cflag == 0) || (rflag && qflag) ||
-- 
cgit v1.2.3