diff options
author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2019-10-14 19:22:18 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2019-10-14 19:22:18 +0000 |
commit | e0f954bbd2214f8e2a6e175df2e8819072944c0d (patch) | |
tree | 976a785c7af5bcccc02ade87f65804ce1bde5858 | |
parent | 75e733194e284b1e61644f833693d214ef0ce689 (diff) |
pledge() won't work but we can use unveil() to reduce filesystem access
in these 3 related programs (they borrow parts of each other using .PATH)
Hopefully no regressions, ktrace checks by myself and mestre
-rw-r--r-- | usr.bin/systat/main.c | 7 | ||||
-rw-r--r-- | usr.bin/vmstat/vmstat.c | 20 | ||||
-rw-r--r-- | usr.sbin/iostat/iostat.c | 8 |
3 files changed, 25 insertions, 10 deletions
diff --git a/usr.bin/systat/main.c b/usr.bin/systat/main.c index 7df80a19c3a..09e9f77506b 100644 --- a/usr.bin/systat/main.c +++ b/usr.bin/systat/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.70 2019/06/28 13:35:04 deraadt Exp $ */ +/* $OpenBSD: main.c,v 1.71 2019/10/14 19:22:17 deraadt Exp $ */ /* * Copyright (c) 2001, 2007 Can Erkin Acar * Copyright (c) 2001 Daniel Hartmeier @@ -526,6 +526,11 @@ main(int argc, char *argv[]) setup_term(maxlines); + if (unveil("/", "r") == -1) + err(1, "unveil"); + if (unveil(NULL, NULL) == -1) + err(1, "unveil"); + if (rawmode && countmax == 0) countmax = 1; diff --git a/usr.bin/vmstat/vmstat.c b/usr.bin/vmstat/vmstat.c index af88afcb006..742ce0022f1 100644 --- a/usr.bin/vmstat/vmstat.c +++ b/usr.bin/vmstat/vmstat.c @@ -1,5 +1,5 @@ /* $NetBSD: vmstat.c,v 1.29.4.1 1996/06/05 00:21:05 cgd Exp $ */ -/* $OpenBSD: vmstat.c,v 1.148 2019/10/14 14:40:00 deraadt Exp $ */ +/* $OpenBSD: vmstat.c,v 1.149 2019/10/14 19:22:17 deraadt Exp $ */ /* * Copyright (c) 1980, 1986, 1991, 1993 @@ -131,6 +131,7 @@ main(int argc, char *argv[]) { char errbuf[_POSIX2_LINE_MAX]; int c, todo = 0, reps = 0; + struct winsize winsize; const char *errstr; u_int interval = 0; @@ -207,16 +208,19 @@ main(int argc, char *argv[]) } if (todo & VMSTAT) { - struct winsize winsize; - dkinit(0); /* Initialize disk stats, no disks selected. */ argv = choosedrives(argv); /* Select disks. */ - winsize.ws_row = 0; - if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &winsize) == 0) { - if (winsize.ws_row > 0) - winlines = winsize.ws_row; - } + } + + if (unveil("/", "") == -1) + err(1, "unveil"); + if (unveil(NULL, NULL) == -1) + err(1, "unveil"); + winsize.ws_row = 0; + if (ioctl(STDOUT_FILENO, TIOCGWINSZ, &winsize) == 0) { + if (winsize.ws_row > 0) + winlines = winsize.ws_row; } #define BACKWARD_COMPATIBILITY diff --git a/usr.sbin/iostat/iostat.c b/usr.sbin/iostat/iostat.c index 70a00fe5278..9384c3e47bc 100644 --- a/usr.sbin/iostat/iostat.c +++ b/usr.sbin/iostat/iostat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: iostat.c,v 1.41 2018/09/05 09:35:49 yasuoka Exp $ */ +/* $OpenBSD: iostat.c,v 1.42 2019/10/14 19:22:17 deraadt Exp $ */ /* $NetBSD: iostat.c,v 1.10 1996/10/25 18:21:58 scottr Exp $ */ /* @@ -161,6 +161,12 @@ main(int argc, char *argv[]) todo |= SHOW_CPU | SHOW_TTY | SHOW_STATS_1; dkinit(0); + + if (unveil("/", "") == -1) + err(1, "unveil"); + if (unveil(NULL, NULL) == -1) + err(1, "unveil"); + dkreadstats(); selectdrives(argv); |