author | Ricardo Mestre <mestre@cvs.openbsd.org> | 2018-09-28 18:21:53 +0000 |
---|---|---|
committer | Ricardo Mestre <mestre@cvs.openbsd.org> | 2018-09-28 18:21:53 +0000 |
commit | 12196e16f11c312ec2c2aedd471a6da583099947 (patch) | |
tree | 3ab21bfda7f5ee2edf1b184f7a6c14d2b4cf3193 /usr.bin | |
parent | d2708f50587c748018c799fbe74e826f86823765 (diff) |
Add unveil(2) to sdiff(1) to the following files:
filename1 - given via args - read permission
filename2 - same as above
tmpdir - if TMPDIR env var is changed, or _PATH_TMP by default -
read/write/create/delete permissions
/usr/bin/diff - the default diff program - execute permission
_PATH_BSHELL - to spawn an EDITOR/VISUAL if -o is used - execute
permission
this diff only applies unveil(2) if -F is not used, meaning that we are not
changing the default diff program to be used since that way we would need to
find where the binary is whereas by default we are sure that the path is
/usr/bin/diff. this will be revisited at a later stage to cover all cases.
feedback and OK millert@ deraadt@
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/sdiff/sdiff.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/usr.bin/sdiff/sdiff.c b/usr.bin/sdiff/sdiff.c
index 59f9515a9db..90207e16950 100644
--- a/usr.bin/sdiff/sdiff.c
+++ b/usr.bin/sdiff/sdiff.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sdiff.c,v 1.36 2015/12/29 19:04:46 gsoares Exp $ */
+/* $OpenBSD: sdiff.c,v 1.37 2018/09/28 18:21:52 mestre Exp $ */
 /*
 * Written by Raymond Lai <ray@cyth.net>.
@@ -163,9 +163,7 @@ main(int argc, char **argv)
 const char *outfile = NULL;
 char **diffargv, *diffprog = "diff", *filename1, *filename2, *tmp1, *tmp2, *s1, *s2;
-
- if (pledge("stdio rpath wpath cpath proc exec", NULL) == -1)
- err(2, "pledge");
+ unsigned int Fflag = 0;
 /*
 * Process diff flags.
@@ -206,6 +204,7 @@ main(int argc, char **argv)
 break;
 case 'F':
 diffargv[0] = diffprog = optarg;
+ Fflag = 1;
 break;
 case 'H':
 diffargv[diffargc++] = "-H";
@@ -262,6 +261,21 @@ main(int argc, char **argv)
 filename1 = argv[0];
 filename2 = argv[1];
+ if (!Fflag) {
+ if (unveil(filename1, "r") == -1)
+ err(2, "unveil");
+ if (unveil(filename2, "r") == -1)
+ err(2, "unveil");
+ if (unveil(tmpdir, "rwc") == -1)
+ err(2, "unveil");
+ if (unveil("/usr/bin/diff", "x") == -1)
+ err(2, "unveil");
+ if (unveil(_PATH_BSHELL, "x") == -1)
+ err(2, "unveil");
+ }
+ if (pledge("stdio rpath wpath cpath proc exec", NULL) == -1)
+ err(2, "pledge");
+
 /*
 * Create temporary files for diff and sdiff to share if file1
 * or file2 are not regular files. This allows sdiff and diff |
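Review bot: With pledge() no longer the first statement of main() (hunk at -163), option parsing and everything else before the new call in the -262 hunk run with no promises in force. An early call that also carries the unveil promise, `if (pledge("stdio rpath wpath cpath proc exec unveil", NULL) == -1) err(2, "pledge");`, would keep the previous coverage. The existing later pledge() would then drop `unveil` once the paths are registered. The code between the hunks is not shown, so whether anything there needs a promise outside this set should be confirmed before adopting this.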
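Review bot: All five unveil() checks in the `if (!Fflag)` block fail with the same `err(2, "unveil")`, so the message does not say which path was rejected, and two of the paths come straight from argv. Passing the path along, for example `err(2, "unveil %s", filename1)` and likewise for the other four, makes the failure diagnosable. When -F is given the block is skipped and the process runs with pledge() alone. The commit message explains this but the code does not, so a comment above the condition such as `/* with -F the diff program's location is unknown, so nothing is unveiled yet */` would help. `tmpdir` is assigned outside the hunk, and I am assuming it is already set when this block runs. main() begins and ends outside the hunk.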