From 2ba9e6c866bafd9131bd0c5395e3c87aad203296 Mon Sep 17 00:00:00 2001
From: Andreas Kling <kling@serenityos.org>
Date: Sat, 9 Jan 2021 17:53:30 +0100
Subject: [PATCH] su: Use pledge() :^)

Not sure why we hadn't done this one sooner, seems like a high-value
program to pledge.
---
 Userland/su.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/Userland/su.cpp b/Userland/su.cpp
index 38d8b67ef1..a91e67518b 100644
--- a/Userland/su.cpp
+++ b/Userland/su.cpp
@@ -36,6 +36,11 @@ extern "C" int main(int, char**);
 
 int main(int argc, char** argv)
 {
+    if (pledge("stdio rpath tty exec id", nullptr) < 0) {
+        perror("pledge");
+        return 1;
+    }
+
     if (!isatty(STDIN_FILENO)) {
         warnln("{}: standard in is not a terminal", argv[0]);
         return 1;
@@ -58,6 +63,11 @@ int main(int argc, char** argv)
         return 1;
     }
 
+    if (pledge("stdio tty exec id", nullptr) < 0) {
+        perror("pledge");
+        return 1;
+    }
+
     Core::Account account = account_or_error.value();
 
     if (getuid() != 0 && account.has_password()) {