Also apply stricter pledge when secure mode is set via rc file or command.

Pointed out by jesper <at> ifconfig <dot> se

OK brynet@

4 files changed, 22 insertions, 7 deletions

diff --git a/usr.bin/vi/common/options.c b/usr.bin/vi/common/options.c
index abe1b379c15..6e11150b62c 100644
--- a/usr.bin/vi/common/options.c
+++ b/usr.bin/vi/common/options.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: options.c,v 1.26 2017/07/31 19:45:49 martijn Exp $	*/
+/*	$OpenBSD: options.c,v 1.27 2019/05/21 09:24:58 martijn Exp $	*/
 
 /*-
  * Copyright (c) 1991, 1993, 1994
@@ -136,7 +136,7 @@ OPTLIST const optlist[] = {
 /* O_SECTIONS	    4BSD */
 	{"sections",	f_section,	OPT_STR,	0},
 /* O_SECURE	  4.4BSD */
-	{"secure",	NULL,		OPT_0BOOL,	OPT_NOUNSET},
+	{"secure",	f_secure,	OPT_0BOOL,	OPT_NOUNSET},
 /* O_SHELL	    4BSD */
 	{"shell",	NULL,		OPT_STR,	0},
 /* O_SHELLMETA	  4.4BSD */
diff --git a/usr.bin/vi/common/options_f.c b/usr.bin/vi/common/options_f.c
index 6d10b265ee9..94aaddeeb2b 100644
--- a/usr.bin/vi/common/options_f.c
+++ b/usr.bin/vi/common/options_f.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: options_f.c,v 1.12 2017/07/03 07:01:14 bentley Exp $	*/
+/*	$OpenBSD: options_f.c,v 1.13 2019/05/21 09:24:58 martijn Exp $	*/
 
 /*-
  * Copyright (c) 1993, 1994
@@ -207,6 +207,19 @@ f_section(SCR *sp, OPTION *op, char *str, u_long *valp)
 }
 
 /*
+ * PUBLIC: int f_secure(SCR *, OPTION *, char *, u_long *)
+ */
+int
+f_secure(SCR *sp, OPTION *op, char *str, u_long *valp)
+{
+	if (pledge("stdio rpath wpath cpath fattr flock getpw tty", NULL) == -1) {
+		msgq(sp, M_ERR, "pledge failed");
+		return (1);
+	}
+	return (0);
+}
+
+/*
  * PUBLIC: int f_ttywerase(SCR *, OPTION *, char *, u_long *);
  */
 int
diff --git a/usr.bin/vi/docs/USD.doc/vi.man/vi.1 b/usr.bin/vi/docs/USD.doc/vi.man/vi.1
index 559cd56a686..466b508aee0 100644
--- a/usr.bin/vi/docs/USD.doc/vi.man/vi.1
+++ b/usr.bin/vi/docs/USD.doc/vi.man/vi.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: vi.1,v 1.75 2018/02/12 01:10:46 schwarze Exp $
+.\"	$OpenBSD: vi.1,v 1.76 2019/05/21 09:24:58 martijn Exp $
 .\"
 .\" Copyright (c) 1994
 .\"     The Regents of the University of California.  All rights reserved.
@@ -14,7 +14,7 @@
 .\"
 .\"     @(#)vi.1	8.51 (Berkeley) 10/10/96
 .\"
-.Dd $Mdocdate: February 12 2018 $
+.Dd $Mdocdate: May 21 2019 $
 .Dt VI 1
 .Os
 .Sh NAME
@@ -2456,8 +2456,9 @@ Define additional section boundaries for the
 and
 .Cm ]]
 commands.
-.It Cm secure Bq off
+.It Cm secure
 Turns off all access to external programs.
+Once set this option can't be disabled.
 .It Cm shell , sh Bq "environment variable SHELL, or /bin/sh"
 Select the shell used by the editor.
 .It Cm shellmeta Bq ~{[*?$`'\&"\e
diff --git a/usr.bin/vi/include/com_extern.h b/usr.bin/vi/include/com_extern.h
index f2658cda23f..675372ba577 100644
--- a/usr.bin/vi/include/com_extern.h
+++ b/usr.bin/vi/include/com_extern.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: com_extern.h,v 1.15 2017/07/03 07:01:14 bentley Exp $	*/
+/*	$OpenBSD: com_extern.h,v 1.16 2019/05/21 09:24:58 martijn Exp $	*/
 
 int cut(SCR *, CHAR_T *, MARK *, MARK *, int);
 int cut_line(SCR *, recno_t, size_t, size_t, CB *);
@@ -75,6 +75,7 @@ int f_readonly(SCR *, OPTION *, char *, u_long *);
 int f_recompile(SCR *, OPTION *, char *, u_long *);
 int f_reformat(SCR *, OPTION *, char *, u_long *);
 int f_section(SCR *, OPTION *, char *, u_long *);
+int f_secure(SCR *, OPTION *, char *, u_long *);
 int f_ttywerase(SCR *, OPTION *, char *, u_long *);
 int f_w300(SCR *, OPTION *, char *, u_long *);
 int f_w1200(SCR *, OPTION *, char *, u_long *);