diff options
| author |   deraadt <deraadt@openbsd.org> | 2015-10-03 02:18:20 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2015-10-03 02:18:20 +0000 |
| commit | f0cb10c41b03ec06499d77bf6c2b27264ecd26d8 (patch) | |
| tree | 96d6cb66e0d683d1cc1b82e95062cd067efe7aea | |
| parent | script is two processes. the main io-loop process can be locked down with (diff) | |
| download | wireguard-openbsd-f0cb10c41b03ec06499d77bf6c2b27264ecd26d8.tar.xz wireguard-openbsd-f0cb10c41b03ec06499d77bf6c2b27264ecd26d8.zip | |
uniq has a complicated initialization around getopt. beforehands, we
can tame "stdio rpath wpath cpath"; all three paths abilities are needed
for it to setup the right files (worst case spotted by sthen). later
once the files are opened, the program is only looking at strings and
outputing via stdio functions, so we can tame "stdio".
| -rw-r--r-- | usr.bin/uniq/uniq.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/usr.bin/uniq/uniq.c b/usr.bin/uniq/uniq.c index 7645f85062f..69dcf28c7ac 100644 --- a/usr.bin/uniq/uniq.c +++ b/usr.bin/uniq/uniq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uniq.c,v 1.19 2013/11/26 19:25:39 deraadt Exp $ */ +/* $OpenBSD: uniq.c,v 1.20 2015/10/03 02:18:20 deraadt Exp $ */ /* $NetBSD: uniq.c,v 1.7 1995/08/31 22:03:48 jtc Exp $ */ /* @@ -61,6 +61,9 @@ main(int argc, char *argv[]) int ch; char *prevline, *thisline; + if (tame("stdio rpath wpath cpath", NULL) == -1) + err(1, "tame"); + obsolete(argv); while ((ch = getopt(argc, argv, "cdf:s:u")) != -1) { const char *errstr; @@ -119,6 +122,9 @@ main(int argc, char *argv[]) usage(); } + if (tame("stdio", NULL) != 0) + err(1, "tame"); + prevline = malloc(MAXLINELEN); thisline = malloc(MAXLINELEN); if (prevline == NULL || thisline == NULL) |