summaryrefslogtreecommitdiff
path: root/bin/stty/stty.c
diff options
context:
space:
mode:
authorRicardo Mestre <mestre@cvs.openbsd.org>2021-10-23 16:45:33 +0000
committerRicardo Mestre <mestre@cvs.openbsd.org>2021-10-23 16:45:33 +0000
commite3bbdcaa3a4526b408b68914e58864204fb9edfe (patch)
treeddd46463eb584f1d4c4c2aae46fc0c7a8273f05f /bin/stty/stty.c
parenta455ed6360fd3308339ab41685da5e6772452ec0 (diff)
stty(1) can't be pledged for all modes, but it can be unveiled. the only file to
be opened is on stty -f `file', so call unveil(2) afterwards to restrict all fs access. OK deraadt@
Diffstat (limited to 'bin/stty/stty.c')
-rw-r--r--bin/stty/stty.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/bin/stty/stty.c b/bin/stty/stty.c
index 904d86996cf..bb09ca97ab2 100644
--- a/bin/stty/stty.c
+++ b/bin/stty/stty.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: stty.c,v 1.21 2019/06/28 13:35:00 deraadt Exp $ */
+/* $OpenBSD: stty.c,v 1.22 2021/10/23 16:45:32 mestre Exp $ */
/* $NetBSD: stty.c,v 1.11 1995/03/21 09:11:30 cgd Exp $ */
/*-
@@ -82,6 +82,11 @@ main(int argc, char *argv[])
args: argc -= optind;
argv += optind;
+ if (unveil("/", "") == -1)
+ err(1, "unveil /");
+ if (unveil(NULL, NULL) == -1)
+ err(1, "unveil");
+
if (ioctl(i.fd, TIOCGETD, &i.ldisc) == -1)
err(1, "TIOCGETD");