From 4448fbbaceca0b117857a2481280595dcde2ba19 Mon Sep 17 00:00:00 2001 From: Theo de Raadt Date: Mon, 24 Sep 2018 21:26:03 +0000 Subject: Use unveil(2). These programs fit together in various strange ways, so if a problem is encountered with this the whole set needs backout and study. --- sbin/fsck/fsck.c | 11 ++++++++++- sbin/fsck/fsutil.c | 20 +++++++++++++------- sbin/fsck/fsutil.h | 3 ++- sbin/fsck_ext2fs/main.c | 4 +++- sbin/fsck_ffs/main.c | 4 +++- sbin/fsck_ffs/setup.c | 8 ++++++-- sbin/fsck_msdos/check.c | 5 ++++- sbin/fsck_msdos/main.c | 4 +++- 8 files changed, 44 insertions(+), 15 deletions(-) (limited to 'sbin') diff --git a/sbin/fsck/fsck.c b/sbin/fsck/fsck.c index ec7224e085b..7b6132032f4 100644 --- a/sbin/fsck/fsck.c +++ b/sbin/fsck/fsck.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fsck.c,v 1.38 2015/11/23 19:19:29 deraadt Exp $ */ +/* $OpenBSD: fsck.c,v 1.39 2018/09/24 21:26:00 deraadt Exp $ */ /* $NetBSD: fsck.c,v 1.7 1996/10/03 20:06:30 christos Exp $ */ /* @@ -39,6 +39,7 @@ #include #include #include +#include #include #include @@ -106,6 +107,14 @@ main(int argc, char *argv[]) } else warn("Can't get resource limit for data size"); + checkroot(); + + if (unveil("/dev", "rw") == -1) + err(1, "unveil"); + if (unveil(_PATH_FSTAB, "r") == -1) + err(1, "unveil"); + if (unveil("/sbin", "x") == -1) + err(1, "unveil"); if (pledge("stdio rpath wpath disklabel proc exec", NULL) == -1) err(1, "pledge"); diff --git a/sbin/fsck/fsutil.c b/sbin/fsck/fsutil.c index 4246a6e8240..f0b88684058 100644 --- a/sbin/fsck/fsutil.c +++ b/sbin/fsck/fsutil.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fsutil.c,v 1.22 2015/09/27 05:25:00 guenther Exp $ */ +/* $OpenBSD: fsutil.c,v 1.23 2018/09/24 21:26:00 deraadt Exp $ */ /* $NetBSD: fsutil.c,v 1.2 1996/10/03 20:06:31 christos Exp $ */ /* @@ -53,6 +53,17 @@ extern char *__progname; static void vmsg(int, const char *, va_list); +struct stat stslash; + +void +checkroot(void) +{ + if (stat("/", &stslash) < 0) { + xperror("/"); + printf("Can't stat root\n"); + } +} + void setcdevname(const char *cd, const char *ocd, int pr) { @@ -182,17 +193,12 @@ rawname(char *name) char * blockcheck(char *origname) { - struct stat stslash, stblock, stchar; + struct stat stblock, stchar; char *newname, *raw; struct fstab *fsp; int retried = 0; hot = 0; - if (stat("/", &stslash) < 0) { - xperror("/"); - printf("Can't stat root\n"); - return (origname); - } newname = origname; retry: if (stat(newname, &stblock) < 0) diff --git a/sbin/fsck/fsutil.h b/sbin/fsck/fsutil.h index a5b6b0b469b..01fd315dfba 100644 --- a/sbin/fsck/fsutil.h +++ b/sbin/fsck/fsutil.h @@ -1,4 +1,4 @@ -/* $OpenBSD: fsutil.h,v 1.7 2014/10/08 16:27:53 deraadt Exp $ */ +/* $OpenBSD: fsutil.h,v 1.8 2018/09/24 21:26:00 deraadt Exp $ */ /* $NetBSD: fsutil.h,v 1.3 1996/10/03 20:06:31 christos Exp $ */ /* @@ -41,6 +41,7 @@ void panic(const char *, ...) __attribute__((__noreturn__,__format__(__printf__,1,2))); char *rawname(char *); char *unrawname(char *); +void checkroot(void); char *blockcheck(char *); const char *cdevname(void); void setcdevname(const char *, const char *, int); diff --git a/sbin/fsck_ext2fs/main.c b/sbin/fsck_ext2fs/main.c index d40d5a351e5..b8610a60e08 100644 --- a/sbin/fsck_ext2fs/main.c +++ b/sbin/fsck_ext2fs/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.27 2016/03/16 15:41:10 krw Exp $ */ +/* $OpenBSD: main.c,v 1.28 2018/09/24 21:26:02 deraadt Exp $ */ /* $NetBSD: main.c,v 1.1 1997/06/11 11:21:50 bouyer Exp $ */ /* @@ -65,6 +65,8 @@ main(int argc, char *argv[]) int ch; int ret = 0; + checkroot(); + sync(); skipclean = 1; while ((ch = getopt(argc, argv, "b:dfm:npy")) != -1) { diff --git a/sbin/fsck_ffs/main.c b/sbin/fsck_ffs/main.c index 417ea542c3b..0f6b6f7ae28 100644 --- a/sbin/fsck_ffs/main.c +++ b/sbin/fsck_ffs/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.51 2018/01/05 09:33:47 otto Exp $ */ +/* $OpenBSD: main.c,v 1.52 2018/09/24 21:26:02 deraadt Exp $ */ /* $NetBSD: main.c,v 1.22 1996/10/11 20:15:48 thorpej Exp $ */ /* @@ -67,6 +67,8 @@ main(int argc, char *argv[]) int ch; int ret = 0; + checkroot(); + sync(); skipclean = 1; while ((ch = getopt(argc, argv, "dfpnNyYb:c:m:")) != -1) { diff --git a/sbin/fsck_ffs/setup.c b/sbin/fsck_ffs/setup.c index aa77994f094..0d2a9dcf574 100644 --- a/sbin/fsck_ffs/setup.c +++ b/sbin/fsck_ffs/setup.c @@ -1,4 +1,4 @@ -/* $OpenBSD: setup.c,v 1.64 2018/01/05 09:33:47 otto Exp $ */ +/* $OpenBSD: setup.c,v 1.65 2018/09/24 21:26:02 deraadt Exp $ */ /* $NetBSD: setup.c,v 1.27 1996/09/27 22:45:19 christos Exp $ */ /* @@ -102,11 +102,15 @@ setup(char *dev, int isfsdb) strlcpy(rdevname, realdev, sizeof(rdevname)); setcdevname(rdevname, dev, preen); - if (isfsdb || !hotroot()) + if (isfsdb || !hotroot()) { + if (unveil("/dev", "rw") == -1) + err(1, "unveil"); if (pledge("stdio rpath wpath getpw tty disklabel", NULL) == -1) err(1, "pledge"); + } } + if (fstat(fsreadfd, &statb) < 0) { printf("Can't stat %s: %s\n", realdev, strerror(errno)); close(fsreadfd); diff --git a/sbin/fsck_msdos/check.c b/sbin/fsck_msdos/check.c index bfe9450f2b1..a5d972d49f0 100644 --- a/sbin/fsck_msdos/check.c +++ b/sbin/fsck_msdos/check.c @@ -1,4 +1,4 @@ -/* $OpenBSD: check.c,v 1.18 2015/10/14 16:58:55 deraadt Exp $ */ +/* $OpenBSD: check.c,v 1.19 2018/09/24 21:26:02 deraadt Exp $ */ /* $NetBSD: check.c,v 1.8 1997/10/17 11:19:29 ws Exp $ */ /* @@ -54,6 +54,9 @@ checkfilesys(const char *fname) int i; int mod = 0; + if (unveil("/dev", "rw") == -1) + err(1, "unveil"); + rdonly = alwaysno; dosfs = opendev(fname, rdonly ? O_RDONLY : O_RDWR, 0, &realdev); diff --git a/sbin/fsck_msdos/main.c b/sbin/fsck_msdos/main.c index 0f4d62123ab..0b6ed81b1a2 100644 --- a/sbin/fsck_msdos/main.c +++ b/sbin/fsck_msdos/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.23 2016/05/28 18:00:42 tb Exp $ */ +/* $OpenBSD: main.c,v 1.24 2018/09/24 21:26:02 deraadt Exp $ */ /* $NetBSD: main.c,v 1.8 1996/10/17 20:29:53 cgd Exp $ */ /* @@ -57,6 +57,8 @@ main(int argc, char *argv[]) { int ch; + checkroot(); + while ((ch = getopt(argc, argv, "pynf")) != -1) { switch (ch) { case 'f': -- cgit v1.2.3