I am surprised to see this missing. Covers a pretty short chunk of code and looks obvious.
Ricardo Mestre <[email protected]> wrote: > Hi, > > After fork(2) the main proc needs rpath for {l,}stat/open and sendfd for > imsg_* > to send fds to the child proc which is already pledged by recvfd to receive > them. > > Still passes regress tests, OK? > > Index: file.c > =================================================================== > RCS file: /cvs/src/usr.bin/file/file.c,v > retrieving revision 1.68 > diff -u -p -u -r1.68 file.c > --- file.c 5 Feb 2019 02:17:32 -0000 1.68 > +++ file.c 29 Nov 2019 11:03:47 -0000 > @@ -207,6 +207,9 @@ main(int argc, char **argv) > } > close(pair[1]); > > + if (pledge("stdio rpath sendfd", NULL) == -1) > + err(1, "pledge"); > + > fclose(magicfp); > magicfp = NULL; >
