Hi,
After pledge(2) is called there are no getpw* associated functions that get
called so we can drop the promise.
Although we manipulate files associated with getpw all the remaining code is
kept happy with "rpath wpath cpath fattr flock", this has been tested directly
and also via vipw(8).
OK?
Index: pwd_mkdb.c
===================================================================
RCS file: /cvs/src/usr.sbin/pwd_mkdb/pwd_mkdb.c,v
retrieving revision 1.53
diff -u -p -u -r1.53 pwd_mkdb.c
--- pwd_mkdb.c 5 Nov 2015 15:10:11 -0000 1.53
+++ pwd_mkdb.c 23 Aug 2018 09:29:24 -0000
@@ -233,7 +233,7 @@ main(int argc, char **argv)
warn("%s: unable to make group readable", _PATH_SMP_DB);
clean |= FILE_SECURE;
- if (pledge("stdio rpath wpath cpath getpw fattr flock", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath fattr flock", NULL) == -1)
err(1, "pledge");
/* Open the temporary insecure password database. */
