summaryrefslogtreecommitdiff
path: root/usr.bin/cu
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>2017-12-10 01:03:47 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2017-12-10 01:03:47 +0000
commit3d6e5b289327eeef26c3c93279716d905fde3f5f (patch)
tree883b2568ec682722fa4c25cfa4d2a3a158613972 /usr.bin/cu
parentc6fc90ac65c74731083728585a1469b2a8e202f7 (diff)
-r restricted mode blocks certain operations as ~ operations.
from Jan Klemkow ok nicm
Diffstat (limited to 'usr.bin/cu')
-rw-r--r--usr.bin/cu/command.c8
-rw-r--r--usr.bin/cu/cu.117
-rw-r--r--usr.bin/cu/cu.c14
-rw-r--r--usr.bin/cu/cu.h3
4 files changed, 34 insertions, 8 deletions
diff --git a/usr.bin/cu/command.c b/usr.bin/cu/command.c
index 9ae8e9adf9c..c07fe73aeca 100644
--- a/usr.bin/cu/command.c
+++ b/usr.bin/cu/command.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: command.c,v 1.15 2015/10/05 23:15:31 nicm Exp $ */
+/* $OpenBSD: command.c,v 1.16 2017/12/10 01:03:46 deraadt Exp $ */
/*
* Copyright (c) 2012 Nicholas Marriott <nicm@openbsd.org>
@@ -28,6 +28,7 @@
#include <signal.h>
#include <stdlib.h>
#include <stdio.h>
+#include <string.h>
#include <unistd.h>
#include "cu.h"
@@ -222,6 +223,11 @@ start_record(void)
void
do_command(char c)
{
+ if (restricted && strchr("CRX$>", c) != NULL) {
+ cu_warnx("~%c command is not allowed in restricted mode", c);
+ return;
+ }
+
switch (c) {
case '.':
case '\004': /* ^D */
diff --git a/usr.bin/cu/cu.1 b/usr.bin/cu/cu.1
index 2f1a3c836c6..3f47560afde 100644
--- a/usr.bin/cu/cu.1
+++ b/usr.bin/cu/cu.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: cu.1,v 1.15 2015/05/18 09:35:05 nicm Exp $
+.\" $OpenBSD: cu.1,v 1.16 2017/12/10 01:03:46 deraadt Exp $
.\"
.\" Copyright (c) 1980, 1990, 1993
.\" The Regents of the University of California. All rights reserved.
@@ -27,7 +27,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd $Mdocdate: May 18 2015 $
+.Dd $Mdocdate: December 10 2017 $
.Dt CU 1
.Os
.Sh NAME
@@ -35,7 +35,7 @@
.Nd serial terminal emulator
.Sh SYNOPSIS
.Nm
-.Op Fl d
+.Op Fl dr
.Op Fl l Ar line
.Op Fl s Ar speed | Fl Ar speed
.Nm
@@ -55,6 +55,11 @@ The options are as follows:
Specify that the line is directly connected and
.Nm
should not allow the driver to block waiting for a carrier to be detected.
+.It Fl r
+Starts
+.Nm
+in restricted mode.
+This prevents all local filesystem operations and command executions.
.It Fl l Ar line
Specify the line to use.
Either of the forms like
@@ -114,6 +119,7 @@ process to the remote host.
The command string sent to the local
.Ux
system is processed by the shell.
+This command is not allowed in restricted mode.
.It Ic ~#
Send a
.Dv BREAK
@@ -132,16 +138,21 @@ file descriptors:
1 \*(Lt-\*(Gt remote tty out
2 \*(Lt-\*(Gt local tty stderr
.Ed
+.Pp
+This command is not allowed in restricted mode.
.It Ic ~D
Deassert the data terminal ready (DTR) line briefly.
+This command is not allowed in restricted mode.
.It Ic ~R
Record all output from the remote system to a file.
If the given file already exists, it is appended to.
If no file is specified, any existing recording is stopped.
+This command is not allowed in restricted mode.
.It Ic ~S
Change the speed of the connection.
.It Ic ~X
Send a file with the XMODEM protocol.
+This command is not allowed in restricted mode.
.It Ic ~?
Get a summary of the tilde escapes.
.El
diff --git a/usr.bin/cu/cu.c b/usr.bin/cu/cu.c
index 8d1935a11c2..03a2df4181f 100644
--- a/usr.bin/cu/cu.c
+++ b/usr.bin/cu/cu.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cu.c,v 1.25 2017/08/22 16:32:37 mestre Exp $ */
+/* $OpenBSD: cu.c,v 1.26 2017/12/10 01:03:46 deraadt Exp $ */
/*
* Copyright (c) 2012 Nicholas Marriott <nicm@openbsd.org>
@@ -42,6 +42,7 @@ struct termios saved_tio;
struct bufferevent *input_ev;
struct bufferevent *output_ev;
int is_direct = -1;
+int restricted = 0;
const char *line_path = NULL;
int line_speed = -1;
int line_fd;
@@ -66,7 +67,7 @@ void try_remote(const char *, const char *, const char *);
__dead void
usage(void)
{
- fprintf(stderr, "usage: %s [-d] [-l line] [-s speed | -speed]\n",
+ fprintf(stderr, "usage: %s [-dr] [-l line] [-s speed | -speed]\n",
__progname);
fprintf(stderr, " %s [host]\n", __progname);
exit(1);
@@ -100,11 +101,16 @@ main(int argc, char **argv)
errx(1, "speed asprintf");
}
- while ((opt = getopt(argc, argv, "dl:s:")) != -1) {
+ while ((opt = getopt(argc, argv, "drl:s:")) != -1) {
switch (opt) {
case 'd':
is_direct = 1;
break;
+ case 'r':
+ if (pledge("stdio rpath wpath tty", NULL) == -1)
+ err(1, "pledge");
+ restricted = 1;
+ break;
case 'l':
line_path = optarg;
break;
@@ -162,6 +168,8 @@ main(int argc, char **argv)
line_fd = open(line_path, flags);
if (line_fd < 0)
err(1, "open(\"%s\")", line_path);
+ if (restricted && pledge("stdio tty", NULL) == -1)
+ err(1, "pledge");
if (!isatty(line_fd))
err(1, "%s", line_path);
if (ioctl(line_fd, TIOCEXCL) != 0)
diff --git a/usr.bin/cu/cu.h b/usr.bin/cu/cu.h
index 10745bc037a..2a7ca45d414 100644
--- a/usr.bin/cu/cu.h
+++ b/usr.bin/cu/cu.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cu.h,v 1.7 2015/10/05 23:15:31 nicm Exp $ */
+/* $OpenBSD: cu.h,v 1.8 2017/12/10 01:03:46 deraadt Exp $ */
/*
* Copyright (c) 2012 Nicholas Marriott <nicm@openbsd.org>
@@ -23,6 +23,7 @@
void do_command(char);
/* cu.c */
+extern int restricted;
extern FILE *record_file;
extern struct termios saved_tio;
extern int line_fd;