diff options
| author |   pascal <pascal@openbsd.org> | 2015-10-22 14:53:00 +0000 |
|---|---|---|
| committer | pascal <pascal@openbsd.org> | 2015-10-22 14:53:00 +0000 |
| commit | c1f838d9e76e0a1f34f7e2784d8627328f33dd46 (patch) | |
| tree | 23160c6a12984b34b3e854f8170c05035e25d506 | |
| parent | Extend tests to call ASN1_{GENERALIZED,UTC,}TIME_set_string() with a NULL (diff) | |
| download | wireguard-openbsd-c1f838d9e76e0a1f34f7e2784d8627328f33dd46.tar.xz wireguard-openbsd-c1f838d9e76e0a1f34f7e2784d8627328f33dd46.zip | |
Add pledge(2) to some binutils that handle untrusted data. Most can do with
"stdio rpath", while objdump(1) also needs "tmppath" for objdump -i.
ok deraadt@, comments sthen@ kettenis@
| -rw-r--r-- | gnu/usr.bin/binutils-2.17/binutils/addr2line.c | 3 | ||||
| -rw-r--r-- | gnu/usr.bin/binutils-2.17/binutils/objdump.c | 3 | ||||
| -rw-r--r-- | gnu/usr.bin/binutils-2.17/binutils/readelf.c | 5 | ||||
| -rw-r--r-- | gnu/usr.bin/binutils-2.17/binutils/strings.c | 3 |
4 files changed, 14 insertions, 0 deletions
diff --git a/gnu/usr.bin/binutils-2.17/binutils/addr2line.c b/gnu/usr.bin/binutils-2.17/binutils/addr2line.c index 7cd67bc0a1b..47367093140 100644 --- a/gnu/usr.bin/binutils-2.17/binutils/addr2line.c +++ b/gnu/usr.bin/binutils-2.17/binutils/addr2line.c @@ -331,6 +331,9 @@ main (int argc, char **argv) bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); + if (pledge ("stdio rpath", NULL) == -1) + fatal (_("Failed to pledge")); + program_name = *argv; xmalloc_set_program_name (program_name); diff --git a/gnu/usr.bin/binutils-2.17/binutils/objdump.c b/gnu/usr.bin/binutils-2.17/binutils/objdump.c index 6e5eab56da2..bcd1a20a299 100644 --- a/gnu/usr.bin/binutils-2.17/binutils/objdump.c +++ b/gnu/usr.bin/binutils-2.17/binutils/objdump.c @@ -2962,6 +2962,9 @@ main (int argc, char **argv) bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); + if (pledge ("stdio rpath tmppath", NULL) == -1) + fatal (_("Failed to pledge")); + program_name = *argv; xmalloc_set_program_name (program_name); diff --git a/gnu/usr.bin/binutils-2.17/binutils/readelf.c b/gnu/usr.bin/binutils-2.17/binutils/readelf.c index 3b2b15bd6dc..fa3ce65cfef 100644 --- a/gnu/usr.bin/binutils-2.17/binutils/readelf.c +++ b/gnu/usr.bin/binutils-2.17/binutils/readelf.c @@ -9357,6 +9357,11 @@ main (int argc, char **argv) parse_args (argc, argv); + if (pledge ("stdio rpath", NULL) == -1) { + error (_("Failed to pledge\n")); + return 1; + } + if (num_dump_sects > 0) { /* Make a copy of the dump_sects array. */ diff --git a/gnu/usr.bin/binutils-2.17/binutils/strings.c b/gnu/usr.bin/binutils-2.17/binutils/strings.c index a04cb581eae..ede1bd59dd4 100644 --- a/gnu/usr.bin/binutils-2.17/binutils/strings.c +++ b/gnu/usr.bin/binutils-2.17/binutils/strings.c @@ -183,6 +183,9 @@ main (int argc, char **argv) bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); + if (pledge ("stdio rpath", NULL) == -1) + fatal (_("Failed to pledge")); + program_name = argv[0]; xmalloc_set_program_name (program_name); |