Whoops. I meant lock(1) in the subject. I guess making a patch put the word patch into my head.
On Thu, October 15, 2015 9:25 pm, trondd wrote: > Is it safer to drop the recently added proc and exec pledges if the > arguments are not chosen which need them? > > Index: lock.c > =================================================================== > RCS file: /cvs/src/usr.bin/lock/lock.c,v > retrieving revision 1.32 > diff -u -p -r1.32 lock.c > --- lock.c 15 Oct 2015 02:35:04 -0000 1.32 > +++ lock.c 16 Oct 2015 01:22:46 -0000 > @@ -148,6 +148,8 @@ main(int argc, char *argv[]) > strftime(date, sizeof(date), "%c", timp); > > if (!usemine) { > + if (pledge("stdio rpath wpath getpw tty", NULL) == -1) > + err(1, "pledge"); > /* get key and check again */ > if (!readpassphrase("Key: ", s, sizeof(s), RPP_ECHO_OFF) > || > *s == '\0') >