author | Ricardo Mestre <mestre@cvs.openbsd.org> | 2021-10-23 16:45:33 +0000 |
---|---|---|
committer | Ricardo Mestre <mestre@cvs.openbsd.org> | 2021-10-23 16:45:33 +0000 |
commit | e3bbdcaa3a4526b408b68914e58864204fb9edfe (patch) | |
tree | ddd46463eb584f1d4c4c2aae46fc0c7a8273f05f /bin/stty/stty.c | |
parent | a455ed6360fd3308339ab41685da5e6772452ec0 (diff) |
stty(1) can't be pledged for all modes, but it can be unveiled. the only file to
be opened is on stty -f `file', so call unveil(2) afterwards to restrict all fs
access.
OK deraadt@
Diffstat (limited to 'bin/stty/stty.c')
-rw-r--r-- | bin/stty/stty.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/bin/stty/stty.c b/bin/stty/stty.c index 904d86996cf..bb09ca97ab2 100644 --- a/bin/stty/stty.c +++ b/bin/stty/stty.c @@ -1,4 +1,4 @@ -/* $OpenBSD: stty.c,v 1.21 2019/06/28 13:35:00 deraadt Exp $ */ +/* $OpenBSD: stty.c,v 1.22 2021/10/23 16:45:32 mestre Exp $ */ /* $NetBSD: stty.c,v 1.11 1995/03/21 09:11:30 cgd Exp $ */ /*- @@ -82,6 +82,11 @@ main(int argc, char *argv[]) args: argc -= optind; argv += optind; + if (unveil("/", "") == -1) + err(1, "unveil /"); + if (unveil(NULL, NULL) == -1) + err(1, "unveil"); + if (ioctl(i.fd, TIOCGETD, &i.ldisc) == -1) err(1, "TIOCGETD"); |
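Review bot: The unveil block added after the `args:` label in main() has no comment explaining why it sits at this point, and its position is what makes it correct. Per the commit message, the only file stty opens is the one given to -f, so the two calls have to stay after that open and before the `ioctl(i.fd, TIOCGETD, &i.ldisc)` work that follows. I would add a short comment above `if (unveil("/", "") == -1)` stating that no filesystem access is needed from here on and that pledge cannot be used for all modes, so that a later reshuffle of the option handling does not move an open past the lock unnoticed. The `unveil("/", "")` followed by `unveil(NULL, NULL)` pairing itself looks right: the first removes all permissions on the tree and the second prevents any further unveil calls.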