diff options
author | Tim Kuijsten <info+git@netsend.nl> | 2019-11-21 02:15:41 +0100 |
---|---|---|
committer | Leah Neukirchen <leah@vuxu.org> | 2020-09-06 16:34:56 +0200 |
commit | 4763032430834ff1d7dfe4293826cf845a71b990 (patch) | |
tree | 113205e6ce5f84eaf5df1c9347ba0187fa93f3ed /mshow.c | |
parent | 6bd687bfdc44bafdc18b96eaec0995e3254536f6 (diff) | |
download | mblaze-4763032430834ff1d7dfe4293826cf845a71b990.tar.gz mblaze-4763032430834ff1d7dfe4293826cf845a71b990.tar.xz mblaze-4763032430834ff1d7dfe4293826cf845a71b990.zip |
pledge(2) all programs
All programs except mshow have a very tight set of promises. mshow has a broad set of promises and might be a good future candidate to further restrict using unveil(2). This patch is based on commit 0300a112 by Alex Holst (dated 2017-12-07), which was proposed in GH PR #79. * pledged mpick, mflow and mdate so that now all programs are pledged * removed some unneeded promises and added some missing promises * move err.h include and OpenBSD ifdef into a new xpledge.h * cleaned up code aligning and whitespace Closes: #179 [via git-merge-pr]
Diffstat (limited to 'mshow.c')
-rw-r--r-- | mshow.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/mshow.c b/mshow.c index 8ecf157..8d70120 100644 --- a/mshow.c +++ b/mshow.c @@ -14,6 +14,7 @@ #include <unistd.h> #include "blaze822.h" +#include "xpledge.h" static int Bflag; static int rflag; @@ -797,6 +798,8 @@ main(int argc, char *argv[]) exit(1); } + xpledge("stdio rpath wpath cpath proc exec", NULL); + if (!rflag && !xflag && !Oflag && !Rflag) safe_output = 1; @@ -822,17 +825,22 @@ main(int argc, char *argv[]) } if (xflag) { // extract + xpledge("stdio rpath wpath cpath", NULL); extract(xflag, argc-optind, argv+optind, 0); } else if (Oflag) { // extract to stdout + xpledge("stdio rpath", NULL); extract(Oflag, argc-optind, argv+optind, 1); } else if (tflag) { // list + xpledge("stdio rpath", NULL); if (argc == optind && isatty(0)) blaze822_loop1(".", list); else blaze822_loop(argc-optind, argv+optind, list); } else if (Rflag) { // render for reply + xpledge("stdio rpath", NULL); blaze822_loop(argc-optind, argv+optind, reply); } else { // show + /* XXX pledge: still r/w on the whole file-system + fork/exec */ if (!(qflag || rflag || Fflag)) { char *f = getenv("MAILFILTER"); if (!f) |