From 265defbeebe192abb73097656541af27a1342b4e Mon Sep 17 00:00:00 2001
From: Job Snijders
Date: Wed, 1 Sep 2021 16:04:41 +0000
Subject: pledge() timeout Feedback from deraadt@
---
 usr.bin/timeout/timeout.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
(limited to 'usr.bin/timeout')
diff --git a/usr.bin/timeout/timeout.c b/usr.bin/timeout/timeout.c
index d2b1459aab7..6ad14e81d1b 100644
--- a/usr.bin/timeout/timeout.c
+++ b/usr.bin/timeout/timeout.c
@@ -193,11 +193,6 @@ main(int argc, char **argv)
 SIGQUIT,
 };
- foreground = preserve = 0;
- second_kill = 0;
- cpid = -1;
- pgid = -1;
-
 const struct option longopts[] = {
 { "preserve-status", no_argument, &preserve, 1 },
 { "foreground", no_argument, &foreground, 1 },
@@ -207,6 +202,14 @@ main(int argc, char **argv)
 { NULL, 0, NULL, 0 }
 };
+ if (pledge("stdio proc exec", NULL) == -1)
+ err(1, "pledge");
+
+ foreground = preserve = 0;
+ second_kill = 0;
+ cpid = -1;
+ pgid = -1;
+
 while ((ch = getopt_long(argc, argv, "+k:s:h", longopts, NULL)) != -1) {
 switch (ch) {
 case 'k':
@@ -276,6 +279,9 @@ main(int argc, char **argv)
 err(1, "exec()");
 }
+ if (pledge("stdio", NULL) == -1)
+ err(1, "pledge");
+
 if (sigprocmask(SIG_BLOCK, &signals.sa_mask, NULL) == -1)
 err(1, "sigprocmask()");
-- 
cgit v1.2.3
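Review bot: The `pledge("stdio proc exec", NULL)` call added ahead of the getopt_long() loop carries no comment saying which later operation needs each promise, or that the NULL execpromises argument is deliberate. I would add above it something like `/* "exec" to run the command, "proc" for process control (presumably fork/setpgid/kill, outside this hunk); execpromises NULL: the command itself runs unrestricted */`. Without that record, a later edit that tightens or reorders the promises has nothing to check against. main() starts and ends outside the hunk.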
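Review bot: The second call, `pledge("stdio", NULL)` placed after the exec error path, drops "proc", but pledge(2) documents kill(2) under "proc", so signalling another process is not covered by "stdio" alone. If the code after this point (outside the hunk) delivers the timeout signal to the command with kill() or killpg(), which the `cpid` and `pgid` variables suggest, the kernel would abort timeout at expiry instead of letting it signal the child. Confirm by running a command that outlives its duration; if it aborts, keep the promise: `if (pledge("stdio proc", NULL) == -1)`. main() continues outside the hunk.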