authorTed Unangst <tedu@cvs.openbsd.org>2015-10-08 16:45:51 +0000
committerTed Unangst <tedu@cvs.openbsd.org>2015-10-08 16:45:51 +0000
commite4ae1fad729781e0a6b7e7b19aff139af3dd3738 (patch)
tree2249c2f889f10ce8a258b4b48640809339c605e6 /usr.bin/signify/signify.c
parent269c943ccd00c89904c693b82f95d87880431965 (diff)
add some tame calls. we may need a bunch of permissions to create files
and manipulate the tty for readpassphrase, but once we've parsed options and have some idea of what's going to happen next, we can reduce down quite a bit more. particular use case of "signify | patch" is limited to feeding garbage to patch.
Diffstat (limited to 'usr.bin/signify/signify.c')
-rw-r--r--usr.bin/signify/signify.c28
1 files changed, 27 insertions, 1 deletions
diff --git a/usr.bin/signify/signify.c b/usr.bin/signify/signify.c
index 06d28dae022..ec80973a5b0 100644
--- a/usr.bin/signify/signify.c
+++ b/usr.bin/signify/signify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: signify.c,v 1.100 2015/01/16 06:16:12 tedu Exp $ */
+/* $OpenBSD: signify.c,v 1.101 2015/10/08 16:45:50 tedu Exp $ */
/*
* Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
*
@@ -663,6 +663,8 @@ main(int argc, char **argv)
VERIFY
} verb = NONE;
+ if (tame("stdio rpath wpath cpath tty", NULL) == -1)
+ err(1, "tame");
rounds = 42;
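Review bot: The first `tame("stdio rpath wpath cpath tty", NULL)` call has no comment tying it to the later per-verb reduction, so a reader of this spot alone sees only a broad promise set. A one-line comment above it would make the intent auditable, for example `/* widest set any verb needs; narrowed once options are parsed */`. The rest of main() lies outside this hunk.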
@@ -722,6 +724,30 @@ main(int argc, char **argv)
argc -= optind;
argv += optind;
+ switch (verb) {
+ case GENERATE:
+ case SIGN:
+ /* keep it all */
+ break;
+ case CHECK:
+ if (tame("stdio rpath", NULL) == -1)
+ err(1, "tame");
+ break;
+ case VERIFY:
+ if (embedded && (!msgfile || strcmp(msgfile, "-") != 0)) {
+ if (tame("stdio rpath wpath cpath", NULL) == -1)
+ err(1, "tame");
+ } else {
+ if (tame("stdio rpath", NULL) == -1)
+ err(1, "tame");
+ }
+ break;
+ default:
+ if (tame("stdio", NULL) == -1)
+ err(1, "tame");
+ break;
+ }
+
#ifndef VERIFYONLY
if (verb == CHECK) {
if (!sigfile)
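Review bot: In the VERIFY case, the branch that keeps `wpath cpath` (taken when `embedded` is set and `msgfile` is not "-") is the one verify path that still handles the signed input with file-creation rights, and nothing in the code says why. A comment on the condition would make the exception easy to audit, for example `/* embedded verify to a named file still has to create it; only "-" (stdout) can drop wpath cpath */`. That reading is inferred from the condition and the commit message, so confirm it against the verify code. Likewise `/* keep it all */` could name what is kept and why, e.g. `/* tty for readpassphrase, wpath cpath to write key and signature files */`. main() starts before and continues after this hunk.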