Or even better keep the #ifndef since mknod(8) already has dpath annotation:
Index: main.c
===================================================================
RCS file: /cvs/src/bin/ksh/main.c,v
retrieving revision 1.75
diff -u -p -u -r1.75 main.c
--- main.c 14 Dec 2015 13:59:42 -0000 1.75
+++ main.c 26 Dec 2015 18:31:45 -0000
@@ -160,6 +160,12 @@ main(int argc, char *argv[])
perror("pledge");
exit(1);
}
+#else
+ if (pledge("stdio rpath wpath cpath dpath fattr flock getpw proc exec
tty",
+ NULL) == -1) {
+ perror("pledge");
+ exit(1);
+ }
#endif
On 18:28 Sat 26 Dec , Ricardo Mestre wrote:
> Hi tech@
>
> Now that dpath annotation in pledge(2) is available then #ifndef MKNOD can be
> removed and enforce pledge(2) on all codepaths, is this correct, comments?
>
> Index: main.c
> ===================================================================
> RCS file: /cvs/src/bin/ksh/main.c,v
> retrieving revision 1.75
> diff -u -p -u -r1.75 main.c
> --- main.c 14 Dec 2015 13:59:42 -0000 1.75
> +++ main.c 26 Dec 2015 18:23:34 -0000
> @@ -154,13 +154,11 @@ main(int argc, char *argv[])
>
> kshname = argv[0];
>
> -#ifndef MKNOD
> - if (pledge("stdio rpath wpath cpath fattr flock getpw proc exec tty",
> + if (pledge("stdio rpath wpath cpath dpath fattr flock getpw proc exec
> tty",
> NULL) == -1) {
> perror("pledge");
> exit(1);
> }
> -#endif
>
> ainit(&aperm); /* initialize permanent Area */
>
