upstream commit pledge "stdio rpath wpath cpath fattr tty proc exec" except for the -p option (which sadly has insane semantics...) ok semarie dtucker Upstream-ID: 8854bbd58279abe00f6c33f8094bdc02c8c65059

commit: 9080bd0b9cf10d0f13b1f642f20cb84285cb8d65 [log] [tgz]
author: deraadt@openbsd.org <deraadt@openbsd.org> Fri Nov 27 00:49:31 2015 +0000
committer: Damien Miller <djm@mindrot.org> Sat Nov 28 17:44:33 2015 +1100
tree: 079b3b90ded6e62591ec55d6a6ea0b54a2867faf
parent: 4d90625b229cf6b3551d81550a9861897509a65f [diff] [blame]
diff --git a/scp.c b/scp.c
index 842dc66..0bdd7cb 100644
--- a/scp.c
+++ b/scp.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.183 2015/10/16 17:07:24 mmcc Exp $ */
+/* $OpenBSD: scp.c,v 1.184 2015/11/27 00:49:31 deraadt Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
  * uses ssh to do the data transfer (instead of using rcmd).
@@ -484,6 +484,16 @@
 	if (!isatty(STDOUT_FILENO))
 		showprogress = 0;
 
+	if (pflag) {
+		/* Cannot pledge: -p allows setuid/setgid files... */
+	} else {
+		if (pledge("stdio rpath wpath cpath fattr tty proc exec",
+		    NULL) == -1) {
+			perror("pledge");
+			exit(1);
+		}
+	}
+
 	remin = STDIN_FILENO;
 	remout = STDOUT_FILENO;
commit	9080bd0b9cf10d0f13b1f642f20cb84285cb8d65	[log] [tgz]
author	deraadt@openbsd.org <deraadt@openbsd.org>	Fri Nov 27 00:49:31 2015 +0000
committer	Damien Miller <djm@mindrot.org>	Sat Nov 28 17:44:33 2015 +1100
tree	079b3b90ded6e62591ec55d6a6ea0b54a2867faf
parent	4d90625b229cf6b3551d81550a9861897509a65f [diff] [blame]