diff options
| author | Martijn van Duren <martijn@cvs.openbsd.org> | 2017-08-01 18:05:54 +0000 |
|---|---|---|
| committer | Martijn van Duren <martijn@cvs.openbsd.org> | 2017-08-01 18:05:54 +0000 |
| commit | 3f214365fdf1a9914ad8094a1638ff8c9acd992d (patch) | |
| tree | 8ee7a72c7210770548f603d3e70580d5d23e50d6 /usr.bin | |
| parent | ca62dd50403c76015baeb26caf2c6baded258426 (diff) | |
Apply stricter pledge rules if possible. These are based on the usage of
the 'w' and 'r' functions and the 'w' flag to the 's' function.
If non of the above is used and input is being read from stdin, we drop
all the way down to stdio!
Original inspiration by benno@.
OK millert@
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/sed/compile.c | 11 | ||||
| -rw-r--r-- | usr.bin/sed/extern.h | 3 | ||||
| -rw-r--r-- | usr.bin/sed/main.c | 23 |
3 files changed, 30 insertions, 7 deletions
diff --git a/usr.bin/sed/compile.c b/usr.bin/sed/compile.c index 2d5007eee3b..0671805865e 100644 --- a/usr.bin/sed/compile.c +++ b/usr.bin/sed/compile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: compile.c,v 1.41 2017/01/20 10:26:16 krw Exp $ */ +/* $OpenBSD: compile.c,v 1.42 2017/08/01 18:05:53 martijn Exp $ */ /*- * Copyright (c) 1992 Diomidis Spinellis. @@ -264,14 +264,17 @@ nonsel: /* Now parse the command */ if (*p == '\0') error(COMPILE, "filename expected"); cmd->t = duptoeol(p, "w command", NULL); - if (aflag) + if (aflag) { cmd->u.fd = -1; + pledge_wpath = 1; + } else if ((cmd->u.fd = open(p, O_WRONLY|O_APPEND|O_CREAT|O_TRUNC, DEFFILEMODE)) == -1) error(FATAL, "%s: %s", p, strerror(errno)); break; case RFILE: /* r */ + pledge_rpath = 1; p++; EATSPACE(); cmd->t = duptoeol(p, "read command", NULL); @@ -594,7 +597,9 @@ compile_flags(char *p, struct s_subst *s) if (q == wfile) error(COMPILE, "no wfile specified"); s->wfile = strdup(wfile); - if (!aflag && (s->wfd = open(wfile, + if (aflag) + pledge_wpath = 1; + else if ((s->wfd = open(wfile, O_WRONLY|O_APPEND|O_CREAT|O_TRUNC, DEFFILEMODE)) == -1) error(FATAL, "%s: %s", wfile, strerror(errno)); diff --git a/usr.bin/sed/extern.h b/usr.bin/sed/extern.h index ae3cc6963d0..77ed8ef1c5d 100644 --- a/usr.bin/sed/extern.h +++ b/usr.bin/sed/extern.h @@ -1,4 +1,4 @@ -/* $OpenBSD: extern.h,v 1.12 2017/01/20 10:26:16 krw Exp $ */ +/* $OpenBSD: extern.h,v 1.13 2017/08/01 18:05:53 martijn Exp $ */ /*- * Copyright (c) 1992 Diomidis Spinellis. * Copyright (c) 1992, 1993 @@ -41,6 +41,7 @@ extern size_t maxnsub; extern u_long linenum; extern size_t appendnum; extern int Eflag, aflag, eflag, nflag; +extern int pledge_wpath, pledge_rpath; extern const char *fname, *outfname; extern FILE *infile, *outfile; diff --git a/usr.bin/sed/main.c b/usr.bin/sed/main.c index bd69dc85e6e..69fcbde2a2d 100644 --- a/usr.bin/sed/main.c +++ b/usr.bin/sed/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.34 2017/01/20 10:26:16 krw Exp $ */ +/* $OpenBSD: main.c,v 1.35 2017/08/01 18:05:53 martijn Exp $ */ /*- * Copyright (c) 1992 Diomidis Spinellis. @@ -105,6 +105,8 @@ static int next_files_have_lines(void); int termwidth; +int pledge_wpath, pledge_rpath; + int main(int argc, char *argv[]) { @@ -176,11 +178,26 @@ main(int argc, char *argv[]) compile(); /* Continue with first and start second usage */ - if (*argv) + if (*argv) { + if (!pledge_wpath && inplace == NULL) { + if (pledge("stdio rpath", NULL) == -1) + error(FATAL, "pledge: %s", strerror(errno)); + } for (; *argv; argv++) add_file(*argv); - else + } else { + if (!pledge_wpath && !pledge_rpath) { + if (pledge("stdio", NULL) == -1) + error(FATAL, "pledge: %s", strerror(errno)); + } else if (pledge_rpath) { + if (pledge("stdio rpath", NULL) == -1) + error(FATAL, "pledge: %s", strerror(errno)); + } else if (pledge_wpath) { + if (pledge("stdio wpath cpath", NULL) == -1) + error(FATAL, "pledge: %s", strerror(errno)); + } add_file(NULL); + } process(); cfclose(prog, NULL); if (fclose(stdout)) |