In the early pledge, add "unveil" to permit changes a little later on.

If kernel variables are being watched unveil /dev/mem, /dev/kmem, and
/dev/ksyms.  If testing AF_UNIX, unveil that patch.  The next pledge
removes "unveil", then tcpbench is largely filesystem restricted.

1 files changed, 17 insertions, 4 deletions

diff --git a/usr.bin/tcpbench/tcpbench.c b/usr.bin/tcpbench/tcpbench.c
index de99067f467..fbe8b2ed16a 100644
--- a/usr.bin/tcpbench/tcpbench.c
+++ b/usr.bin/tcpbench/tcpbench.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tcpbench.c,v 1.56 2018/05/22 18:56:33 cheloha Exp $	*/
+/*	$OpenBSD: tcpbench.c,v 1.57 2018/08/08 14:35:38 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2008 Damien Miller <djm@mindrot.org>
@@ -49,6 +49,7 @@
 #include <err.h>
 #include <fcntl.h>
 #include <poll.h>
+#include <paths.h>
 
 #include <kvm.h>
 #include <nlist.h>
@@ -1123,7 +1124,7 @@ main(int argc, char **argv)
 		}
 	}
 
-	if (pledge("stdio rpath dns inet unix id proc", NULL) == -1)
+	if (pledge("stdio unveil rpath dns inet unix id proc", NULL) == -1)
 		err(1, "pledge");
 
 	argv += optind;
@@ -1133,6 +1134,13 @@ main(int argc, char **argv)
 		usage();
 
 	if (ptb->kvars) {
+		if (unveil(_PATH_MEM, "r") == -1)
+			err(1, "unveil");
+		if (unveil(_PATH_KMEM, "r") == -1)
+			err(1, "unveil");
+		if (unveil(_PATH_KSYMS, "r") == -1)
+			err(1, "unveil");
+
 		if ((ptb->kvmh = kvm_openfiles(NULL, NULL, NULL,
 		    O_RDONLY, kerr)) == NULL)
 			errx(1, "kvm_open: %s", kerr);
@@ -1143,11 +1151,16 @@ main(int argc, char **argv)
 	} else
 		drop_gid();
 
+	if (!ptb->sflag || ptb->Uflag)
+		host = argv[0];
+
+	if (ptb->Uflag)
+		if (unveil(host, "rwc") == -1)
+			err(1, "unveil");
+
 	if (pledge("stdio id dns inet unix", NULL) == -1)
 		err(1, "pledge");
 
-	if (!ptb->sflag || ptb->Uflag)
-		host = argv[0];
 	/*
 	 * Rationale,
 	 * If TCP, use a big buffer with big reads/writes.