CVSROOT: /cvs
Module name: src
Changes by: k...@cvs.openbsd.org 2021/01/20 00:30:51
Modified files:
usr.bin/doas : doas.c
Log message:
Pledge before authentication when possible
Generally, pleding before parsing the file seems hardly possible due to
unveil() being involved.
Pledging in case of the winning rule being a "persist" one is not possible
either due to TIOC{SET,CHK}VERAUTH not being allowed in the "tty" pledge.
But if "persist" is not used, we can pledge before authentication
without having to hoist or chang anything.
Feedback deraadt tedu
OK tdeu
