author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2015-10-06 03:25:03 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2015-10-06 03:25:03 +0000 |
commit | 6cbc6e16b96077e9584349f6bb921e16b86346fe | |
tree | 0eab75ba7da1a677c4ae54899af2a04006bd3b1d /usr.bin/write | |
parent | 6f70a47c04bd4a21200c38835404cf0a5a65547c | |
unfortunately tame "stdio" can only happen well after the sequence of:
utmp parsing, tty opening, setresgid to drop privs. it only protects
a basic io loop.
discussed with doug
Diffstat (limited to 'usr.bin/write')
-rw-r--r-- | usr.bin/write/write.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/usr.bin/write/write.c b/usr.bin/write/write.c index 1f7f10a2474..d239d27482c 100644 --- a/usr.bin/write/write.c +++ b/usr.bin/write/write.c @@ -1,4 +1,4 @@ -/* $OpenBSD: write.c,v 1.29 2015/10/05 07:09:46 deraadt Exp $ */ +/* $OpenBSD: write.c,v 1.30 2015/10/06 03:25:02 deraadt Exp $ */ /* $NetBSD: write.c,v 1.5 1995/08/31 21:48:32 jtc Exp $ */ /* @@ -246,6 +246,13 @@ do_write(char *tty, char *mytty, uid_t myuid) if (setresgid(gid, gid, gid) == -1) err(1, "setresgid"); + /* + * Unfortunately this is rather late - well after utmp + * parsing, then pinned by the tty open and setresgid + */ + if (tame("stdio", NULL) == -1) + err(1, "tame"); + (void)signal(SIGINT, done); (void)signal(SIGHUP, done); |
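Review bot: In the second hunk (do_write(), right after the setresgid() check), the tame("stdio", NULL) call is placed immediately before signal(SIGINT, done) and signal(SIGHUP, done), so the done handler now runs under the "stdio" restriction. done() is not visible in this diff; it is worth confirming that everything it calls is permitted under "stdio", since an operation outside that set in the handler would end the process abnormally instead of exiting cleanly. On the comment itself, "pinned by the tty open and setresgid" is terse: consider saying outright that those two steps need more than "stdio" allows, which is why the call cannot move earlier, and that utmp parsing, the tty open and the privilege drop all run without this protection, as the commit message states. The first hunk only bumps the $OpenBSD$ revision tag and needs no comment.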