Initial support for pledges in openssl(1) commands.

openssl(1) has two mechanisms for operating: either a single execution
of one command (looking at argv[0] or argv[1]) or as an interactive
session than may execute any number of commands.

We already have a top level pledge that should cover all commands
and that's what interactive mode must continue using.  However, we can
tighten up the pledges when only executing one command.

This is an initial stab at support and may contain regressions.  Most
commands only need "stdio rpath wpath cpath".  The pledges could be
further restricted by evaluating the situation after parsing options.

deraadt@ and beck@ are roughly fine with this approach.

1 files changed, 7 insertions, 1 deletions

diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c
index 11e9814135..198508398b 100644
--- a/src/usr.bin/openssl/s_server.c
+++ b/src/usr.bin/openssl/s_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_server.c,v 1.19 2015/10/06 03:29:49 deraadt Exp $ */
+/* $OpenBSD: s_server.c,v 1.20 2015/10/10 22:28:51 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -603,6 +603,12 @@ s_server_main(int argc, char *argv[])
         tlsextnextprotoctx next_proto = { NULL, 0 };
         const char *alpn_in = NULL;
         tlsextalpnctx alpn_ctx = { NULL, 0 };
+
+        if (single_execution) {
+                if (pledge("stdio inet rpath", NULL) == -1)
+                        perror("pledge");
+        }
+
         meth = SSLv23_server_method();
 
         local_argc = argc;