Whoops. I meant lock(1) in the subject. I guess making a patch put the
word patch into my head.
On Thu, October 15, 2015 9:25 pm, trondd wrote:
> Is it safer to drop the recently added proc and exec pledges if the
> arguments are not chosen which need them?
>
> Index: lock.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/lock/lock.c,v
> retrieving revision 1.32
> diff -u -p -r1.32 lock.c
> --- lock.c 15 Oct 2015 02:35:04 -0000 1.32
> +++ lock.c 16 Oct 2015 01:22:46 -0000
> @@ -148,6 +148,8 @@ main(int argc, char *argv[])
> strftime(date, sizeof(date), "%c", timp);
>
> if (!usemine) {
> + if (pledge("stdio rpath wpath getpw tty", NULL) == -1)
> + err(1, "pledge");
> /* get key and check again */
> if (!readpassphrase("Key: ", s, sizeof(s), RPP_ECHO_OFF)
> ||
> *s == '\0')
>
