Hi, unbound-checkconf(8) needs to chdir(2), then open(2) the config file, and to call getpwnam(3). This means it needs to pledge rpath and getpw; but once getpwnam(3) has been called the config file has already been loaded, so we can drop both promises afterwards.
Comments? OK?
Index: unbound-checkconf.c
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/smallapp/unbound-checkconf.c,v
retrieving revision 1.11
diff -u -p -u -r1.11 unbound-checkconf.c
--- unbound-checkconf.c 8 Feb 2019 10:29:08 -0000 1.11
+++ unbound-checkconf.c 22 May 2019 12:49:12 -0000
@@ -588,6 +588,10 @@ morechecks(struct config_file* cfg)
 # endif
 }
 #endif
+
+ if (pledge("stdio", NULL) == -1)
+ fatal_exit("Could not pledge");
+
 if(cfg->remote_control_enable && options_remote_is_address(cfg)
 && cfg->control_use_cert) {
 check_chroot_string("server-key-file", &cfg->server_key_file,
@@ -724,6 +728,10 @@ int main(int argc, char* argv[])
 if(argc == 1)
 f = argv[0];
 else f = cfgfile;
+
+ if (pledge("stdio rpath getpw", NULL) == -1)
+ fatal_exit("Could not pledge");
+
 checkconf(f, opt, final);
 checklock_stop();
 return 0;
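Review bot: The `pledge("stdio", NULL)` added in morechecks() sits directly above the `check_chroot_string("server-key-file", ...)` call, so that check and everything after it runs without `rpath`. check_chroot_string's body is not in this hunk, but if it, or any later check, tests the configured key/cert paths with stat(2), access(2) or open(2), that lookup is no longer permitted once only `stdio` is held, and a config with remote-control certificates enabled would presumably be rejected or the process aborted instead of the file being validated. Either keep `rpath` at this point and drop only `getpw`, `if (pledge("stdio rpath", NULL) == -1)`, or move the final drop to `stdio` to after the last check that touches a path. morechecks() starts and ends outside the hunk, so the remaining checks should be audited the same way.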
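Review bot: The promise string passed to pledge() in main() carries no explanation in the code; the reason for each promise exists only in the mail text and will be lost once the patch is committed. A comment above the call would keep it next to the string it justifies, for example `/* rpath: chdir(2) and open(2) of the config file; getpw: getpwnam(3), dropped again in morechecks() */`. That also gives the next person who adds a file-reading check a hint about which promise set is in force at which point. main() begins outside the hunk.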