From 6bb3602fc3b75e57548004bbb2fcbef785acd2c8 Mon Sep 17 00:00:00 2001 From: mestre Date: Fri, 5 Feb 2016 10:18:02 +0000 Subject: pledge(2) for talk(1): At the beginning the largest pledge is the following: rpath: read ~/.terminfo (the reason was changed pointed out by semarie@) inet/dns: talk may need to connect to a remote host and resolve it getpw: if getlogin(2) fails then it needs getpwuid(3) as a fallback tty: this is a typical tty application, so it'll always need this annotation Then just before the application main loop check if the talk is with local user so it only needs "stdio tty", if it's remote then it needs "stdio inet tty". I couldn't test this with a remote host to confirm if it needs inet or not but as per jca@'s comment "tighter settings - if possible - can happen later" ok jca@ and also discussed with tb@ --- usr.bin/talk/talk.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'usr.bin/talk') diff --git a/usr.bin/talk/talk.c b/usr.bin/talk/talk.c index b10ad857a5a..0c9e4f362b3 100644 --- a/usr.bin/talk/talk.c +++ b/usr.bin/talk/talk.c @@ -1,4 +1,4 @@ -/* $OpenBSD: talk.c,v 1.10 2016/02/01 07:29:25 mestre Exp $ */ +/* $OpenBSD: talk.c,v 1.11 2016/02/05 10:18:01 mestre Exp $ */ /* $NetBSD: talk.c,v 1.3 1994/12/09 02:14:25 jtc Exp $ */ /* @@ -35,6 +35,7 @@ #include #include "talk.h" +#include "talk_ctl.h" /* * talk: A visual form of write. Using sockets, a two way @@ -53,6 +54,9 @@ int main(int argc, char *argv[]) { + if (pledge("stdio rpath inet dns getpw tty", NULL) == -1) + err(1, "pledge"); + get_names(argc, argv); init_display(); open_ctl(); @@ -62,6 +66,15 @@ main(int argc, char *argv[]) invite_remote(); end_msgs(); set_edit_chars(); + + if (his_machine_addr.s_addr == my_machine_addr.s_addr) { + if (pledge("stdio tty", NULL) == -1) + err(1, "pledge"); + } else { + if (pledge("stdio tty", NULL) == -1) + err(1, "pledge"); + } + talk(); return (0); } -- cgit v1.2.3
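Review bot: The first `pledge("stdio rpath inet dns getpw tty", NULL)` call at the top of main() carries no comment, so the reason each promise is held is recorded only in the commit message. A short comment above the call would let a later reviewer see which promises can be dropped when the set is tightened, for example `/* rpath: ~/.terminfo; inet dns: reach and resolve the remote host; getpw: getpwuid(3) fallback; tty: terminal handling */`. main()'s body continues past the end of this hunk.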
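Review bot: Both branches of the `his_machine_addr.s_addr == my_machine_addr.s_addr` test call `pledge("stdio tty", NULL)`, so the conditional has no effect and does not match the description, which says a remote talk keeps "stdio inet tty". If talk() needs `inet` for a remote peer, the process would be killed on the first such call; if it does not, the if/else can collapse into a single pledge call. Either change the else branch to `if (pledge("stdio inet tty", NULL) == -1)` or drop the comparison, and record in a comment which behaviour was verified, since the description says the remote case was not tested. main() starts in the previous hunk.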