authormestre <mestre@openbsd.org>2018-08-24 11:14:49 +0000
committermestre <mestre@openbsd.org>2018-08-24 11:14:49 +0000
commitb9f129211620eb89b4a66305c6bd4241d9ac028d (patch)
treeaaaaaf7add40a89260ac46525e6e10a3ef3264f0
parentdisplay CPU_CPUID / machdep.cpuid in hex not decimal (diff)
Remove a few too early pledge(2)s on games/ and apply them a little bit later
but with much reduced permissions ("stdio tty" if ncurses based and "stdio" for the ones that only perform basic operations). There are still a few games whose fs access we cannot yet remove through pledge(2), since they open files on demand and too late; this might get revisited in the future. OK tb@
-rw-r--r--games/bs/bs.c6
-rw-r--r--games/canfield/canfield/canfield.c8
-rw-r--r--games/hack/makedefs.c9
-rw-r--r--games/quiz/quiz.c6
-rw-r--r--games/snake/snake.c9
-rw-r--r--games/worm/worm.c9
6 files changed, 29 insertions, 18 deletions
diff --git a/games/bs/bs.c b/games/bs/bs.c
index 68bcdc3a452..188933f5aa8 100644
--- a/games/bs/bs.c
+++ b/games/bs/bs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bs.c,v 1.40 2018/08/05 13:32:25 schwarze Exp $ */
+/* $OpenBSD: bs.c,v 1.41 2018/08/24 11:14:49 mestre Exp $ */
/*
* Copyright (c) 1986, Bruce Holloway
* All rights reserved.
@@ -1341,6 +1341,10 @@ main(int argc, char *argv[])
do_options(argc, argv);
intro();
+
+ if (pledge("stdio tty", NULL) == -1)
+ err(1, "pledge");
+
do {
initgame();
while(awinna() == -1)
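Review bot: The new `pledge("stdio tty", NULL)` after `intro()` carries no comment saying why it sits there or what must already have happened, so a later reorder of `do_options()`/`intro()` could break the game at run time or tempt someone to widen the promises again. A one-line comment above the call would record the invariant, for example `/* options parsed and screen set up; the game loop needs only stdio and tty */` (that `intro()` does the terminal setup is inferred from the "tty" promise, its body is not in the hunk). The same comment is missing on the pledges added in canfield.c, makedefs.c, quiz.c, snake.c and worm.c. The start of `main()` is outside this hunk, so whether a broader pledge still runs before `do_options()` cannot be seen here.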
diff --git a/games/canfield/canfield/canfield.c b/games/canfield/canfield/canfield.c
index 5af1631bf76..df81b14f517 100644
--- a/games/canfield/canfield/canfield.c
+++ b/games/canfield/canfield/canfield.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: canfield.c,v 1.27 2016/09/11 14:21:17 tb Exp $ */
+/* $OpenBSD: canfield.c,v 1.28 2018/08/24 11:14:49 mestre Exp $ */
/* $NetBSD: canfield.c,v 1.7 1995/05/13 07:28:35 jtc Exp $ */
/*
@@ -1732,9 +1732,6 @@ askquit(int dummy)
int
main(int argc, char *argv[])
{
- if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
- err(1, "pledge");
-
signal(SIGINT, askquit);
signal(SIGHUP, cleanup);
signal(SIGTERM, cleanup);
@@ -1743,6 +1740,9 @@ main(int argc, char *argv[])
noecho();
initall();
+ if (pledge("stdio tty", NULL) == -1)
+ err(1, "pledge");
+
instruct();
makeboard();
for (;;) {
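Review bot: With the early pledge removed in the previous hunk, everything up to and including `initall()` now runs with no pledge at all, where it used to run under `"stdio rpath wpath cpath tty"`; that covers the `signal()` calls, `noecho()` and whatever files `initall()` opens. pledge(2) lets a process narrow its promises with a later call, so the broad call could stay at the top of `main()` and this one would still reduce it to `"stdio tty"`; quiz.c in this commit appears to do exactly that, since an earlier `err(1, "pledge");` remains in its context lines. Keeping `if (pledge("stdio rpath wpath cpath tty", NULL) == -1)` followed by `err(1, "pledge");` as the first statement would preserve the startup restriction. snake.c, worm.c and makedefs.c drop their early call in the same way.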
diff --git a/games/hack/makedefs.c b/games/hack/makedefs.c
index bd7c1e72521..5a30abe73c9 100644
--- a/games/hack/makedefs.c
+++ b/games/hack/makedefs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: makedefs.c,v 1.10 2016/01/09 18:33:15 mestre Exp $ */
+/* $OpenBSD: makedefs.c,v 1.11 2018/08/24 11:14:49 mestre Exp $ */
/*
* Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica,
@@ -89,9 +89,6 @@ main(int argc, char **argv)
int propct = 0;
char *sp;
- if (pledge("stdio rpath", NULL) == -1)
- err(1, "pledge");
-
if (argc != 2) {
(void)fprintf(stderr, "usage: makedefs file\n");
return 1;
@@ -100,6 +97,10 @@ main(int argc, char **argv)
perror(argv[1]);
return 1;
}
+
+ if (pledge("stdio", NULL) == -1)
+ err(1, "pledge");
+
skipuntil("objects[] = {");
while(getentry()) {
if(!*string){
diff --git a/games/quiz/quiz.c b/games/quiz/quiz.c
index c1b33ca9328..073c1700719 100644
--- a/games/quiz/quiz.c
+++ b/games/quiz/quiz.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: quiz.c,v 1.29 2016/03/07 12:07:56 mestre Exp $ */
+/* $OpenBSD: quiz.c,v 1.30 2018/08/24 11:14:49 mestre Exp $ */
/* $NetBSD: quiz.c,v 1.9 1995/04/22 10:16:58 cgd Exp $ */
/*-
@@ -93,6 +93,10 @@ main(int argc, char *argv[])
err(1, "pledge");
get_file(indexfile);
get_cats(argv[0], argv[1]);
+
+ if (pledge("stdio", NULL) == -1)
+ err(1, "pledge");
+
quiz();
break;
default:
diff --git a/games/snake/snake.c b/games/snake/snake.c
index 780c5816fff..a0c8aac71c9 100644
--- a/games/snake/snake.c
+++ b/games/snake/snake.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: snake.c,v 1.28 2016/09/11 14:21:18 tb Exp $ */
+/* $OpenBSD: snake.c,v 1.29 2018/08/24 11:14:49 mestre Exp $ */
/* $NetBSD: snake.c,v 1.8 1995/04/29 00:06:41 mycroft Exp $ */
/*
@@ -140,9 +140,6 @@ main(int argc, char *argv[])
struct sigaction sa;
int ch, i;
- if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
- err(1, "pledge");
-
#ifdef LOGGING
const char *home;
@@ -182,6 +179,10 @@ main(int argc, char *argv[])
readscores(1);
penalty = loot = 0;
initscr();
+
+ if (pledge("stdio tty", NULL) == -1)
+ err(1, "pledge");
+
#ifdef KEY_LEFT
keypad(stdscr, TRUE);
#endif
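Review bot: After this `pledge("stdio tty", NULL)` the process can no longer open or create any file, yet the promise set it replaces included `wpath cpath`, so it is worth confirming that every later write goes through a descriptor opened before this line. `readscores(1)` is called just above and the `#ifdef LOGGING` block earlier in `main()` suggests a log file as well; if either were reopened at game end the kernel would abort the process while curses still owns the terminal. I would record the requirement next to the call, e.g. `/* score file (and log under LOGGING) are already open; no file opens past this point */`. `main()` continues beyond the hunk, so the end-of-game path is not visible here.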
diff --git a/games/worm/worm.c b/games/worm/worm.c
index 31392105d20..f8a86cf8af3 100644
--- a/games/worm/worm.c
+++ b/games/worm/worm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: worm.c,v 1.38 2016/01/07 16:00:33 tb Exp $ */
+/* $OpenBSD: worm.c,v 1.39 2018/08/24 11:14:49 mestre Exp $ */
/*
* Copyright (c) 1980, 1993
@@ -89,9 +89,6 @@ main(int argc, char **argv)
const char *errstr;
struct timespec t, tn, tdiff;
- if (pledge("stdio rpath tty", NULL) == -1)
- err(1, "pledge");
-
timespecclear(&t);
setvbuf(stdout, outbuf, _IOFBF, sizeof outbuf);
@@ -99,6 +96,10 @@ main(int argc, char **argv)
signal(SIGQUIT, leave);
signal(SIGTSTP, suspend); /* process control signal */
initscr();
+
+ if (pledge("stdio tty", NULL) == -1)
+ err(1, "pledge");
+
cbreak();
noecho();
keypad(stdscr, TRUE);
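Review bot: The added `err(1, "pledge")` runs directly after `initscr()`, so a failing pledge exits without `endwin()` and the error text is written while curses controls the screen. Restoring the terminal first is cheap: save `errno`, call `endwin();`, then report with `errc(1, saved_errno, "pledge");`. The same ordering shows in snake.c (pledge right after `initscr()`) and in canfield.c (after `noecho()`), and presumably in bs.c if `intro()` starts curses.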