Hi all,
I've taken claudio@'s advice and restricted the pledge further. All of the
promises except stdio were for parsing args and opening sockets.
OK?
Thanks,
Ayaka
Index: switchctl.c
===================================================================
RCS file: /cvs/src/usr.sbin/switchctl/switchctl.c,v
retrieving revision 1.8
diff -u -p -u -r1.8 switchctl.c
--- switchctl.c 21 Oct 2018 21:10:24 -0000 1.8
+++ switchctl.c 24 Oct 2018 06:03:25 -0000
@@ -181,6 +181,9 @@ main(int argc, char *argv[])
err(1, "connect: %s", sock);
}
+ if (pledge("stdio", NULL) == -1)
+ err(1, "pledge");
+
if (res->ibuf != NULL)
ibuf = res->ibuf;
else
