upstream commit
pledge "stdio rpath wpath cpath fattr tty proc exec"
except for the -p option (which sadly has insane semantics...) ok semarie
dtucker
Upstream-ID: 8854bbd58279abe00f6c33f8094bdc02c8c65059
diff --git a/scp.c b/scp.c
index 842dc66..0bdd7cb 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.183 2015/10/16 17:07:24 mmcc Exp $ */
+/* $OpenBSD: scp.c,v 1.184 2015/11/27 00:49:31 deraadt Exp $ */
/*
* scp - secure remote copy. This is basically patched BSD rcp which
* uses ssh to do the data transfer (instead of using rcmd).
@@ -484,6 +484,16 @@
if (!isatty(STDOUT_FILENO))
showprogress = 0;
+ if (pflag) {
+ /* Cannot pledge: -p allows setuid/setgid files... */
+ } else {
+ if (pledge("stdio rpath wpath cpath fattr tty proc exec",
+ NULL) == -1) {
+ perror("pledge");
+ exit(1);
+ }
+ }
+
remin = STDIN_FILENO;
remout = STDOUT_FILENO;