summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRicardo Mestre <mestre@cvs.openbsd.org>2018-09-28 18:21:53 +0000
committerRicardo Mestre <mestre@cvs.openbsd.org>2018-09-28 18:21:53 +0000
commit12196e16f11c312ec2c2aedd471a6da583099947 (patch)
tree3ab21bfda7f5ee2edf1b184f7a6c14d2b4cf3193
parentd2708f50587c748018c799fbe74e826f86823765 (diff)
Add unveil(2) to sdiff(1) to the following files:
filename1 - given via args - read permission filename2 - same as above tmpdir - if TMPDIR env var is changed, or _PATH_TMP by default - read/write/create/delete permissions /usr/bin/diff - the default diff program - execute permission _PATH_BSHELL - to spawn an EDITOR/VISUAL if -o is used - execute permission this diff only applies unveil(2) if -F is not used, meaning that we are not changing the default diff program to be used since that way we would need to find where the binary is whereas by default we are sure that the path is /usr/bin/diff. this will be revisited at a later stage to cover all cases. feedback and OK millert@ deraadt@
-rw-r--r--usr.bin/sdiff/sdiff.c22
1 files changed, 18 insertions, 4 deletions
diff --git a/usr.bin/sdiff/sdiff.c b/usr.bin/sdiff/sdiff.c
index 59f9515a9db..90207e16950 100644
--- a/usr.bin/sdiff/sdiff.c
+++ b/usr.bin/sdiff/sdiff.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sdiff.c,v 1.36 2015/12/29 19:04:46 gsoares Exp $ */
+/* $OpenBSD: sdiff.c,v 1.37 2018/09/28 18:21:52 mestre Exp $ */
/*
* Written by Raymond Lai <ray@cyth.net>.
@@ -163,9 +163,7 @@ main(int argc, char **argv)
const char *outfile = NULL;
char **diffargv, *diffprog = "diff", *filename1, *filename2,
*tmp1, *tmp2, *s1, *s2;
-
- if (pledge("stdio rpath wpath cpath proc exec", NULL) == -1)
- err(2, "pledge");
+ unsigned int Fflag = 0;
/*
* Process diff flags.
@@ -206,6 +204,7 @@ main(int argc, char **argv)
break;
case 'F':
diffargv[0] = diffprog = optarg;
+ Fflag = 1;
break;
case 'H':
diffargv[diffargc++] = "-H";
@@ -262,6 +261,21 @@ main(int argc, char **argv)
filename1 = argv[0];
filename2 = argv[1];
+ if (!Fflag) {
+ if (unveil(filename1, "r") == -1)
+ err(2, "unveil");
+ if (unveil(filename2, "r") == -1)
+ err(2, "unveil");
+ if (unveil(tmpdir, "rwc") == -1)
+ err(2, "unveil");
+ if (unveil("/usr/bin/diff", "x") == -1)
+ err(2, "unveil");
+ if (unveil(_PATH_BSHELL, "x") == -1)
+ err(2, "unveil");
+ }
+ if (pledge("stdio rpath wpath cpath proc exec", NULL) == -1)
+ err(2, "pledge");
+
/*
* Create temporary files for diff and sdiff to share if file1
* or file2 are not regular files. This allows sdiff and diff