diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2023-08-15 13:50:54 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2023-08-15 13:50:54 +0000 |
| commit | 02ceb34aeea66784c63d89aac11f47fbfc1986e4 (patch) | |
| tree | 3075105f0b5f4e2c136c9415d865de532560961c /libexec | |
| parent | 54d53e4e1172196c5cffc9cd1d593490392eadc2 (diff) | |
ldd can pledge "stdio rpath proc exec prot_exec". We can later bifurbicate
at the dlopen vs execve split, dropping either "proc" or "prot_exec".
ok gnezdo
Diffstat (limited to 'libexec')
| -rw-r--r-- | libexec/ld.so/ldd/ldd.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/libexec/ld.so/ldd/ldd.c b/libexec/ld.so/ldd/ldd.c index f8f208652d2..375a646db36 100644 --- a/libexec/ld.so/ldd/ldd.c +++ b/libexec/ld.so/ldd/ldd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ldd.c,v 1.25 2023/08/12 13:43:22 gnezdo Exp $ */ +/* $OpenBSD: ldd.c,v 1.26 2023/08/15 13:50:53 deraadt Exp $ */ /* * Copyright (c) 2001 Artur Grabowski <art@openbsd.org> * All rights reserved. @@ -48,6 +48,9 @@ main(int argc, char **argv) { int c, xflag, ret; + if (pledge("stdio rpath proc exec prot_exec", NULL) == -1) + err(1, "pledge"); + xflag = 0; while ((c = getopt(argc, argv, "x")) != -1) { switch (c) { @@ -163,6 +166,8 @@ doit(char *name) err(1, "fork"); case 0: if (ehdr.e_type == ET_DYN && !interp) { + if (pledge("stdio rpath prot_exec", NULL) == -1) + err(1, "pledge"); if (realpath(name, buf) == NULL) { printf("realpath(%s): %s", name, strerror(errno)); @@ -178,14 +183,13 @@ doit(char *name) _exit(0); } + if (pledge("stdio rpath exec", "stdio rpath") == -1) + err(1, "pledge"); if (i == ehdr.e_phnum) { printf("not a dynamic executable\n"); fflush(stdout); _exit(0); } - - if (pledge(NULL, "stdio rpath") == -1) - err(1, "pledge"); execl(name, name, (char *)NULL); perror(name); _exit(1); |