author deraadt <deraadt@openbsd.org> 2015-10-03 02:35:56 +0000
committer deraadt <deraadt@openbsd.org> 2015-10-03 02:35:56 +0000
commit f38df4c4e6640ab6dd98479e53220a8c0272a3a0 (patch)
tree 7821d50afcfa2b5b9c07dd11f2f0b5d050ca3415 /usr.bin/patch/patch.c
parent arp uses a non-privileged sockraw to look at the kernel arp tables. (diff)
patch appears to work fully with tame "stdio rpath wpath cpath tmppath fattr".
in case of exploitation, no more network access, fork, execve, etc. I wonder if we could use whitepath lists here - if it is reasonable to limit operation in directories known early on?
Diffstat (limited to 'usr.bin/patch/patch.c')
-rw-r--r-- usr.bin/patch/patch.c 5
1 files changed, 4 insertions, 1 deletions
diff --git a/usr.bin/patch/patch.c b/usr.bin/patch/patch.c
index d53bda30193..3f7c54cd5d7 100644
--- a/usr.bin/patch/patch.c
+++ b/usr.bin/patch/patch.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: patch.c,v 1.54 2014/12/13 10:31:07 tobias Exp $ */
+/* $OpenBSD: patch.c,v 1.55 2015/10/03 02:35:56 deraadt Exp $ */
/*
* patch - a program to apply diffs to original files
@@ -147,6 +147,9 @@ main(int argc, char *argv[])
const char *tmpdir;
char *v;
+ if (tame("stdio rpath wpath cpath tmppath fattr", NULL) == -1)
+ perror("tame");
+
setvbuf(stdout, NULL, _IOLBF, 0);
setvbuf(stderr, NULL, _IOLBF, 0);
for (i = 0; i < MAXFILEC; i++)
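Review bot: In main(), a failed tame() call only reports through perror("tame") and then falls through to setvbuf(), so patch carries on with no restrictions in place. Since the call exists to contain exploitation, failure should be fatal, for example err(1, "tame") (adding <err.h> if it is not already included), so that input is never processed unsandboxed. A short comment above the call saying why each promise in "stdio rpath wpath cpath tmppath fattr" is needed would also help anyone who later tries to narrow the list.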