mirrors/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity.git synced 2025-01-24 18:32:28 -05:00
Code Issues Projects Releases Packages Wiki Activity

su: Use pledge() :^)

Browse source 
Not sure why we hadn't done this one sooner, seems like a high-value
program to pledge.
This commit is contained in:
Andreas Kling 2021-01-09 17:53:30 +01:00
parent 71d23bb262
commit 2ba9e6c866
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
Userland/su.cpp
View file

@ -36,6 +36,11 @@ extern "C" int main(int, char**);
int main(int argc, char** argv)
{
if (pledge("stdio rpath tty exec id", nullptr) < 0) {
perror("pledge");
return 1;
}
if (!isatty(STDIN_FILENO)) {
warnln("{}: standard in is not a terminal", argv[0]);
return 1;
@ -58,6 +63,11 @@ int main(int argc, char** argv)
return 1;
}
if (pledge("stdio tty exec id", nullptr) < 0) {
perror("pledge");
return 1;
}
Core::Account account = account_or_error.value();
if (getuid() != 0 && account.has_password()) {