diff options
| author |   deraadt <deraadt@openbsd.org> | 2015-10-03 05:36:34 +0000 |
|---|---|---|
| committer | deraadt <deraadt@openbsd.org> | 2015-10-03 05:36:34 +0000 |
| commit | dce6c6ad6218139c75b7ab9bf88a3da07723234f (patch) | |
| tree | 381f40cc0e66751f31095423f477140b984cef53 /usr.bin/grep/grep.c | |
| parent | tame "stdio getpw rpath" can be done quite early after the getopt. (diff) | |
| download | wireguard-openbsd-dce6c6ad6218139c75b7ab9bf88a3da07723234f.tar.xz wireguard-openbsd-dce6c6ad6218139c75b7ab9bf88a3da07723234f.zip | |
grep only opens files read-only, reads via stdio or other methods, performs
computation, and outputs result to stdout. (note: in the tame model,
malloc is implicit because stdio needs it, and mmap is implicit since
malloc needs it; libz is satisfied by this environment also).
this tame change consists of 1 line, setting "stdio rpath" before
getopt. this protection is fairly strict. grep could be improved
further by computing a wpathlist based on argv, keeping -R in mind.
feel free to take a shot at it.
grep was an early target of capsicum also. know anyone running capsicum grep?
ok doug
Diffstat (limited to 'usr.bin/grep/grep.c')
| -rw-r--r-- | usr.bin/grep/grep.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/usr.bin/grep/grep.c b/usr.bin/grep/grep.c index ddaabd23566..d3536387a9d 100644 --- a/usr.bin/grep/grep.c +++ b/usr.bin/grep/grep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: grep.c,v 1.52 2015/08/27 05:11:39 dlg Exp $ */ +/* $OpenBSD: grep.c,v 1.53 2015/10/03 05:36:34 deraadt Exp $ */ /*- * Copyright (c) 1999 James Howard and Dag-Erling Coïdan Smørgrav @@ -238,6 +238,9 @@ main(int argc, char *argv[]) char **expr; const char *errstr; + if (tame("stdio rpath", NULL) == -1) + err(1, "tame"); + SLIST_INIT(&patfilelh); switch (__progname[0]) { case 'e': |