authorderaadt <deraadt@openbsd.org>2018-08-03 06:57:34 +0000
committerderaadt <deraadt@openbsd.org>2018-08-03 06:57:34 +0000
commit8d69996f0cfd994d25340538cec24a67d15856f7 (patch)
tree05720c1c3c823f90cb5f3aa31311a587fd0c7687
parentunveil of _PATH_DEVDB "/var/run/dev.db" can be done before pledge for (diff)
downloadwireguard-openbsd-8d69996f0cfd994d25340538cec24a67d15856f7.tar.xz
wireguard-openbsd-8d69996f0cfd994d25340538cec24a67d15856f7.zip
pledge() a little later, after getopt operation, when we know tty name.
We can then unveil the tty file, and pledge() as before. No other files are accessed after that point in time.
-rw-r--r--usr.bin/mesg/mesg.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/usr.bin/mesg/mesg.c b/usr.bin/mesg/mesg.c
index e7e960094e9..a2dc944ed5c 100644
--- a/usr.bin/mesg/mesg.c
+++ b/usr.bin/mesg/mesg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mesg.c,v 1.12 2016/07/07 09:26:26 semarie Exp $ */
+/* $OpenBSD: mesg.c,v 1.13 2018/08/03 06:57:34 deraadt Exp $ */
/* $NetBSD: mesg.c,v 1.4 1994/12/23 07:16:32 jtc Exp $ */
/*
@@ -52,9 +52,6 @@ main(int argc, char *argv[])
char *tty;
int ch;
- if (pledge("stdio rpath fattr", NULL) == -1)
- err(2, "pledge");
-
while ((ch = getopt(argc, argv, "")) != -1)
switch (ch) {
case '?':
@@ -66,6 +63,12 @@ main(int argc, char *argv[])
if ((tty = ttyname(STDERR_FILENO)) == NULL)
err(2, "ttyname");
+
+ if (unveil(tty, "rw") == -1)
+ err(1, "unveil");
+ if (pledge("stdio rpath fattr", NULL) == -1)
+ err(1, "unveil");
+
if (stat(tty, &sb) < 0)
err(2, "%s", tty);
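Review bot: The failure branch of the added `pledge()` call reports `err(1, "unveil")`, so a pledge failure would be attributed to the wrong call; it should read `err(1, "pledge");`. Both new error paths also exit with status 1, while the removed pledge check and every neighbouring failure in this hunk use `err(2, ...)`. If mesg still reserves status 1 for "messages are not allowed" and values above 1 for errors (worth confirming against mesg(1)), a sandbox setup failure would be indistinguishable from a normal answer to a script that checks the exit status. `err(2, "unveil");` and `err(2, "pledge");` would keep the existing convention. main's body starts and ends outside the hunk.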