hi, this is pledge() in newsyslog.
please check & test... and is someone using monitormode, please say so ;) (oh, and oks?) diff --git usr.bin/newsyslog/newsyslog.c usr.bin/newsyslog/newsyslog.c index 761da36..acfd871 100644 --- usr.bin/newsyslog/newsyslog.c +++ usr.bin/newsyslog/newsyslog.c @@ -191,11 +191,20 @@ main(int argc, char **argv) struct pidinfo *pidlist, *pl; int status, listlen; char **av; + + if (pledge("stdio rpath wpath cpath fattr exec proc", NULL) == -1) + err(1,"pledge"); parse_args(argc, argv); argc -= optind; argv += optind; + if (noaction && pledge("stdio rpath", NULL) == -1) + err(1,"pledge"); + else if (!monitormode && pledge("stdio rpath wpath cpath fattr proc", + NULL) == -1) + err(1,"pledge"); + if (needroot && getuid() && geteuid()) errx(1, "You must be root.");