From 3ae6636769651e19a636dc90cbb3cd95d99222c8 Mon Sep 17 00:00:00 2001 From: deraadt Date: Mon, 23 Feb 2026 16:45:16 +0000 Subject: [PATCH] replace pledge "stdio rpath tmppath" with unveil "/tmp" "rwc" to satisfy mktemp(3) type operations, unveil "/" "r" for reading all over the tree, and pledge "stdio rpath wpath cpath" to permit both unveils subject to their own limitations. --- gnu/usr.bin/binutils-2.17/binutils/objdump.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/gnu/usr.bin/binutils-2.17/binutils/objdump.c b/gnu/usr.bin/binutils-2.17/binutils/objdump.c index bcd1a20a299..6707f3c9949 100644 --- a/gnu/usr.bin/binutils-2.17/binutils/objdump.c +++ b/gnu/usr.bin/binutils-2.17/binutils/objdump.c @@ -2962,7 +2962,11 @@ main (int argc, char **argv) bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); - if (pledge ("stdio rpath tmppath", NULL) == -1) + if (unveil ("/tmp", "rwc") == -1) + fatal (_("Failed to unveil /tmp")); + if (unveil ("/", "r") == -1) + fatal (_("Failed to unveil /")); + if (pledge ("stdio rpath wpath cpath", NULL) == -1) fatal (_("Failed to pledge")); program_name = *argv;