From 4763032430834ff1d7dfe4293826cf845a71b990 Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Thu, 21 Nov 2019 02:15:41 +0100
Subject: pledge(2) all programs

All programs except mshow have a very tight set of promises. mshow
has a broad set of promises and might be a good future candidate
to further restrict using unveil(2).

This patch is based on commit 0300a112 by Alex Holst (dated
2017-12-07), which was proposed in GH PR #79.

* pledged mpick, mflow and mdate so that now all programs are pledged
* removed some unneeded promises and added some missing promises
* move err.h include and OpenBSD ifdef into a new xpledge.h
* cleaned up code aligning and whitespace

Closes: #179 [via git-merge-pr]
---
 mscan.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'mscan.c')

diff --git a/mscan.c b/mscan.c
index 6ae1628..52ba9a4 100644
--- a/mscan.c
+++ b/mscan.c
@@ -2,6 +2,8 @@
 #define _XOPEN_SOURCE 700
 #endif
 
+#include "xpledge.h"
+
 #include <sys/ioctl.h>
 #include <sys/stat.h>
 #include <sys/types.h>
@@ -549,6 +551,8 @@ main(int argc, char *argv[])
 			exit(1);
 		}
 
+	xpledge("stdio rpath tty proc exec", NULL);
+
 	if (nflag) {
 		if (argc == optind && isatty(0))
 			blaze822_loop1(":", numline);
@@ -584,6 +588,9 @@ main(int argc, char *argv[])
 	}
 	if (ttyfd >= 0)
 		close(ttyfd);
+
+	xpledge("stdio rpath", "");
+
 	if (getenv("COLUMNS"))
 		cols = atoi(getenv("COLUMNS"));
 	if (cols <= 40)
-- 
cgit 1.4.1