From 6cbc6e16b96077e9584349f6bb921e16b86346fe Mon Sep 17 00:00:00 2001 From: Theo de Raadt Date: Tue, 6 Oct 2015 03:25:03 +0000 Subject: unfortunately tame "stdio" can only happen well after the sequence of: utmp parsing, tty opening, setresgid to drop privs. it only protects a basic io loop. discussed with doug --- usr.bin/write/write.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'usr.bin/write') diff --git a/usr.bin/write/write.c b/usr.bin/write/write.c index 1f7f10a2474..d239d27482c 100644 --- a/usr.bin/write/write.c +++ b/usr.bin/write/write.c @@ -1,4 +1,4 @@ -/* $OpenBSD: write.c,v 1.29 2015/10/05 07:09:46 deraadt Exp $ */ +/* $OpenBSD: write.c,v 1.30 2015/10/06 03:25:02 deraadt Exp $ */ /* $NetBSD: write.c,v 1.5 1995/08/31 21:48:32 jtc Exp $ */ /* @@ -246,6 +246,13 @@ do_write(char *tty, char *mytty, uid_t myuid) if (setresgid(gid, gid, gid) == -1) err(1, "setresgid"); + /* + * Unfortunately this is rather late - well after utmp + * parsing, then pinned by the tty open and setresgid + */ + if (tame("stdio", NULL) == -1) + err(1, "tame"); + (void)signal(SIGINT, done); (void)signal(SIGHUP, done); -- cgit v1.2.3