Is it safer to drop the recently added proc and exec pledges if the
arguments are not chosen which need them?
Index: lock.c
===================================================================
RCS file: /cvs/src/usr.bin/lock/lock.c,v
retrieving revision 1.32
diff -u -p -r1.32 lock.c
--- lock.c 15 Oct 2015 02:35:04 -0000 1.32
+++ lock.c 16 Oct 2015 01:22:46 -0000
@@ -148,6 +148,8 @@ main(int argc, char *argv[])
strftime(date, sizeof(date), "%c", timp);
if (!usemine) {
+ if (pledge("stdio rpath wpath getpw tty", NULL) == -1)
+ err(1, "pledge");
/* get key and check again */
if (!readpassphrase("Key: ", s, sizeof(s), RPP_ECHO_OFF) ||
*s == '\0')