diff options
author | deraadt@openbsd.org <deraadt@openbsd.org> | 2015-11-27 00:49:31 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-11-28 17:44:33 +1100 |
commit | 9080bd0b9cf10d0f13b1f642f20cb84285cb8d65 (patch) | |
tree | 079b3b90ded6e62591ec55d6a6ea0b54a2867faf | |
parent | 4d90625b229cf6b3551d81550a9861897509a65f (diff) |
upstream commit
pledge "stdio rpath wpath cpath fattr tty proc exec"
except for the -p option (which sadly has insane semantics...) ok semarie
dtucker
Upstream-ID: 8854bbd58279abe00f6c33f8094bdc02c8c65059
-rw-r--r-- | scp.c | 12 |
1 files changed, 11 insertions, 1 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: scp.c,v 1.183 2015/10/16 17:07:24 mmcc Exp $ */ | 1 | /* $OpenBSD: scp.c,v 1.184 2015/11/27 00:49:31 deraadt Exp $ */ |
2 | /* | 2 | /* |
3 | * scp - secure remote copy. This is basically patched BSD rcp which | 3 | * scp - secure remote copy. This is basically patched BSD rcp which |
4 | * uses ssh to do the data transfer (instead of using rcmd). | 4 | * uses ssh to do the data transfer (instead of using rcmd). |
@@ -484,6 +484,16 @@ main(int argc, char **argv) | |||
484 | if (!isatty(STDOUT_FILENO)) | 484 | if (!isatty(STDOUT_FILENO)) |
485 | showprogress = 0; | 485 | showprogress = 0; |
486 | 486 | ||
487 | if (pflag) { | ||
488 | /* Cannot pledge: -p allows setuid/setgid files... */ | ||
489 | } else { | ||
490 | if (pledge("stdio rpath wpath cpath fattr tty proc exec", | ||
491 | NULL) == -1) { | ||
492 | perror("pledge"); | ||
493 | exit(1); | ||
494 | } | ||
495 | } | ||
496 | |||
487 | remin = STDIN_FILENO; | 497 | remin = STDIN_FILENO; |
488 | remout = STDOUT_FILENO; | 498 | remout = STDOUT_FILENO; |
489 | 499 | ||