From: timkuijsten <timkuijsten@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: [PR PATCH] [Updated] pledge(2) all programs
Date: Sat, 08 Aug 2020 16:12:29 +0200 [thread overview]
Message-ID: <20200808141229.PXy7OCFi4JRNfFMFffdN8mUhAaVdjxlRm8hMnVJVdSs@z> (raw)
In-Reply-To: <gh-mailinglist-notifications-fa6558a0-26e0-48f6-803f-f5a8af34f6a8-mblaze-179@inbox.vuxu.org>
[-- Attachment #1: Type: text/plain, Size: 867 bytes --]
There is an updated pull request by timkuijsten against master on the mblaze repository
https://github.com/timkuijsten/mblaze renewpledge
https://github.com/leahneukirchen/mblaze/pull/179
pledge(2) all programs
I have checked all pledge calls and added some to ensure all main() functions are pledged as tight as possible.
The only program remaining with a broad pledge is mshow (full filesystem access plus fork/exec). I think the most important improvement there would be to use unveil(2), but I consider adding support for unveil a separate endeavour.
I've been running this code without problems since December (with the exception of mdate which I just pledged), although I have only just rebased my work on all changes that happended in 2020 on master.
/cc @holsta
A patch file from https://github.com/leahneukirchen/mblaze/pull/179.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-renewpledge-179.patch --]
[-- Type: text/x-diff, Size: 44965 bytes --]
From 516c8286d4ab25dd43fe568d71bfc27c9b7707d5 Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Thu, 21 Nov 2019 02:15:41 +0100
Subject: [PATCH 01/21] pledge(2) based on the work by by Alex Holst
The original repository that contained these patches does not exist
anymore. Grabbed commit 0300a112 from 2017-12-07 from GH PR #79.
* cleaned up aligning and whitespace
* added missing ifdef guards and err.h includes
---
maddr.c | 6 ++++++
magrep.c | 6 ++++++
mdeliver.c | 6 ++++++
mdirs.c | 6 ++++++
mexport.c | 6 ++++++
mflag.c | 6 ++++++
mgenmid.c | 6 ++++++
mhdr.c | 6 ++++++
minc.c | 6 ++++++
mlist.c | 6 ++++++
mmime.c | 6 ++++++
mscan.c | 6 ++++++
msed.c | 6 ++++++
mseq.c | 6 ++++++
mshow.c | 11 +++++++++++
msort.c | 5 +++++
mthread.c | 5 +++++
17 files changed, 105 insertions(+)
diff --git a/maddr.c b/maddr.c
index 339acad..95d20b0 100644
--- a/maddr.c
+++ b/maddr.c
@@ -1,5 +1,6 @@
#include <sys/types.h>
+#include <err.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
@@ -108,6 +109,11 @@ main(int argc, char *argv[])
exit(1);
}
+#if defined(__OpenBSD__)
+ if (pledge("stdio rpath tty", NULL) == -1)
+ err(1, "pledge");
+#endif
+
if (argc == optind && isatty(0))
blaze822_loop1(":", addr);
else
diff --git a/magrep.c b/magrep.c
index 8cb3d1f..02b77a8 100644
--- a/magrep.c
+++ b/magrep.c
@@ -2,6 +2,7 @@
#include <sys/types.h>
#include <ctype.h>
+#include <err.h>
#include <errno.h>
#include <regex.h>
#include <stdio.h>
@@ -218,6 +219,11 @@ main(int argc, char *argv[])
if (!rx)
goto usage;
+#if defined(__OpenBSD__)
+ if (pledge("stdio rpath tty", NULL) == -1)
+ err(1, "pledge");
+#endif
+
*rx++ = 0;
int r = regcomp(&pattern, rx, REG_EXTENDED | iflag);
if (r != 0) {
diff --git a/mdeliver.c b/mdeliver.c
index c599d9d..e9286c4 100644
--- a/mdeliver.c
+++ b/mdeliver.c
@@ -3,6 +3,7 @@
#include <sys/types.h>
#include <dirent.h>
+#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
@@ -340,6 +341,11 @@ main(int argc, char *argv[])
if (argc != optind+1)
goto usage2;
+#if defined(__OpenBSD__)
+ if (pledge("stdio wpath", NULL) == -1)
+ err(1, "pledge");
+#endif
+
targetdir = argv[optind];
gethost();
diff --git a/mdirs.c b/mdirs.c
index 46b2426..8576634 100644
--- a/mdirs.c
+++ b/mdirs.c
@@ -2,6 +2,7 @@
#include <sys/types.h>
#include <dirent.h>
+#include <err.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
@@ -88,6 +89,11 @@ main(int argc, char *argv[])
if (argc == optind)
goto usage;
+#if defined(__OpenBSD__)
+ if (pledge("stdio rpath tty", NULL) == -1)
+ err(1, "pledge");
+#endif
+
char toplevel[PATH_MAX];
if (!getcwd(toplevel, sizeof toplevel)) {
perror("mdirs: getcwd");
diff --git a/mexport.c b/mexport.c
index 91fa9a6..685263c 100644
--- a/mexport.c
+++ b/mexport.c
@@ -2,6 +2,7 @@
#include <sys/types.h>
#include <ctype.h>
+#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
@@ -141,6 +142,11 @@ main(int argc, char *argv[])
status = 0;
+#if defined(__OpenBSD__)
+ if (pledge("stdio rpath tty", NULL) == -1)
+ err(1, "pledge");
+#endif
+
if (argc == optind && isatty(0))
blaze822_loop1(":", export);
else
diff --git a/mflag.c b/mflag.c
index 7708946..991c070 100644
--- a/mflag.c
+++ b/mflag.c
@@ -1,6 +1,7 @@
#include <sys/types.h>
#include <dirent.h>
+#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
@@ -134,6 +135,11 @@ main(int argc, char *argv[])
exit(1);
}
+#if defined(__OpenBSD__)
+ if (pledge("stdio rpath tty", NULL) == -1)
+ err(1, "pledge");
+#endif
+
curfile = blaze822_seq_cur();
if (vflag) {
diff --git a/mgenmid.c b/mgenmid.c
index c7d713c..b214337 100644
--- a/mgenmid.c
+++ b/mgenmid.c
@@ -3,6 +3,7 @@
#include <sys/time.h>
#include <sys/types.h>
+#include <err.h>
#include <fcntl.h>
#include <netdb.h>
#include <stdint.h>
@@ -36,6 +37,11 @@ int main()
char *f = blaze822_home_file("profile");
struct message *config = blaze822(f);
+#if defined(__OpenBSD__)
+ if (pledge("stdio rpath tty", NULL) == -1)
+ err(1, "pledge");
+#endif
+
if (config) // try FQDN: first
host = blaze822_hdr(config, "fqdn");
diff --git a/mhdr.c b/mhdr.c
index 18cbc5e..f957bed 100644
--- a/mhdr.c
+++ b/mhdr.c
@@ -2,6 +2,7 @@
#include <sys/types.h>
#include <ctype.h>
+#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
@@ -245,6 +246,11 @@ main(int argc, char *argv[])
status = 1;
+#if defined(__OpenBSD__)
+ if (pledge("stdio rpath tty", NULL) == -1)
+ err(1, "pledge");
+#endif
+
if (argc == optind && isatty(0))
blaze822_loop1(".", header);
else
diff --git a/minc.c b/minc.c
index f495da1..66eef10 100644
--- a/minc.c
+++ b/minc.c
@@ -1,6 +1,7 @@
#include <sys/types.h>
#include <dirent.h>
+#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
@@ -76,6 +77,11 @@ main(int argc, char *argv[])
if (optind == argc)
goto usage;
+#if defined(__OpenBSD__)
+ if (pledge("stdio rpath tty", NULL) == -1)
+ err(1, "pledge");
+#endif
+
status = 0;
for (i = optind; i < argc; i++)
inc(argv[i]);
diff --git a/mlist.c b/mlist.c
index 3cb082f..1080c4e 100644
--- a/mlist.c
+++ b/mlist.c
@@ -3,6 +3,7 @@
#include <sys/stat.h>
#include <dirent.h>
+#include <err.h>
#include <fcntl.h>
#include <limits.h>
#include <stdint.h>
@@ -272,6 +273,11 @@ main(int argc, char *argv[])
int i;
+#if defined(__OpenBSD__)
+ if (pledge("stdio rpath tty", NULL) == -1)
+ err(1, "pledge");
+#endif
+
for (i = 0, flagsum = 0, flagset = 0; (size_t)i < sizeof flags; i++) {
if (flags[i] != 0)
flagset++;
diff --git a/mmime.c b/mmime.c
index 79e1ef0..c8cd803 100644
--- a/mmime.c
+++ b/mmime.c
@@ -2,6 +2,7 @@
#include <sys/types.h>
#include <dirent.h>
+#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
@@ -503,6 +504,11 @@ main(int argc, char *argv[])
if (argc != optind)
goto usage;
+#if defined(__OpenBSD__)
+ if (pledge("stdio rpath tty", NULL) == -1)
+ err(1, "pledge");
+#endif
+
if (cflag)
return check();
diff --git a/mscan.c b/mscan.c
index 6ae1628..f23f0cb 100644
--- a/mscan.c
+++ b/mscan.c
@@ -7,6 +7,7 @@
#include <sys/types.h>
#include <ctype.h>
+#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <locale.h>
@@ -549,6 +550,11 @@ main(int argc, char *argv[])
exit(1);
}
+#if defined(__OpenBSD__)
+ if (pledge("stdio rpath tty", NULL) == -1)
+ err(1, "pledge");
+#endif
+
if (nflag) {
if (argc == optind && isatty(0))
blaze822_loop1(":", numline);
diff --git a/msed.c b/msed.c
index 4fef8f4..1687c52 100644
--- a/msed.c
+++ b/msed.c
@@ -2,6 +2,7 @@
#include <sys/types.h>
#include <ctype.h>
+#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <regex.h>
@@ -323,6 +324,11 @@ main(int argc, char *argv[])
exit(1);
}
+#if defined(__OpenBSD__)
+ if (pledge("stdio rpath tty", NULL) == -1)
+ err(1, "pledge");
+#endif
+
expr = argv[optind];
optind++;
diff --git a/mseq.c b/mseq.c
index b8ebcfe..0707416 100644
--- a/mseq.c
+++ b/mseq.c
@@ -2,6 +2,7 @@
#include <sys/stat.h>
#include <dirent.h>
+#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
@@ -298,6 +299,11 @@ main(int argc, char *argv[])
exit(1);
}
+#if defined(__OpenBSD__)
+ if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
+ err(1, "pledge");
+#endif
+
if (cflag)
blaze822_loop1(cflag, overridecur);
diff --git a/mshow.c b/mshow.c
index 3a7fdce..517376d 100644
--- a/mshow.c
+++ b/mshow.c
@@ -2,6 +2,7 @@
#include <sys/types.h>
#include <ctype.h>
+#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <fnmatch.h>
@@ -794,6 +795,11 @@ main(int argc, char *argv[])
if (!rflag && !xflag && !Oflag && !Rflag)
safe_output = 1;
+#if defined(__OpenBSD__)
+ if (pledge("stdio rpath tty cpath proc", NULL) == -1)
+ err(1, "pledge");
+#endif
+
if (safe_output && isatty(1)) {
char *pg;
pg = getenv("MBLAZE_PAGER");
@@ -815,6 +821,11 @@ main(int argc, char *argv[])
}
}
+#if defined(__OpenBSD__)
+ if (pledge("stdio rpath cpath tty", NULL) == -1)
+ err(1, "pledge");
+#endif
+
if (xflag) { // extract
extract(xflag, argc-optind, argv+optind, 0);
} else if (Oflag) { // extract to stdout
diff --git a/msort.c b/msort.c
index cdb7d4b..03f730a 100644
--- a/msort.c
+++ b/msort.c
@@ -2,6 +2,7 @@
#include <sys/types.h>
#include <ctype.h>
+#include <err.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -316,6 +317,10 @@ main(int argc, char *argv[])
exit(1);
}
+#if defined(__OpenBSD__)
+ if (pledge("stdio rpath tty", NULL) == -1)
+ err(1, "pledge");
+#endif
mails = calloc(sizeof (struct mail), mailalloc);
if (!mails)
diff --git a/mthread.c b/mthread.c
index 8a7172a..64e86d2 100644
--- a/mthread.c
+++ b/mthread.c
@@ -8,6 +8,7 @@
#include <sys/stat.h>
#include <sys/types.h>
+#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <search.h>
@@ -419,6 +420,10 @@ main(int argc, char *argv[])
optional = 1;
+#if defined(__OpenBSD__)
+ if (pledge("stdio rpath tty", NULL) == -1)
+ err(1, "pledge");
+#endif
while ((c = getopt(argc, argv, "S:prv")) != -1)
switch (c) {
case 'S': blaze822_loop1(optarg, thread); break;
From ddda73d8a33b8f34a50b4f94651a246036763e6e Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Thu, 21 Nov 2019 02:36:05 +0100
Subject: [PATCH 02/21] mscan: replace _XOPEN_SOURCE 700 with _GNU_SOURCE
Otherwise pledge(2) is not included via unistd.h.
Tested on OpenBSD 6.6.
---
mscan.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/mscan.c b/mscan.c
index f23f0cb..f22d0b8 100644
--- a/mscan.c
+++ b/mscan.c
@@ -1,6 +1,4 @@
-#ifndef _XOPEN_SOURCE
-#define _XOPEN_SOURCE 700
-#endif
+#define _GNU_SOURCE
#include <sys/ioctl.h>
#include <sys/stat.h>
From 63c9e698a2a778327f44b99cac838ac0348b29f4 Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Thu, 21 Nov 2019 02:49:48 +0100
Subject: [PATCH 03/21] pledge: minc needs cpath
---
minc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/minc.c b/minc.c
index 66eef10..c8ab63f 100644
--- a/minc.c
+++ b/minc.c
@@ -78,7 +78,7 @@ main(int argc, char *argv[])
goto usage;
#if defined(__OpenBSD__)
- if (pledge("stdio rpath tty", NULL) == -1)
+ if (pledge("stdio rpath cpath tty", NULL) == -1)
err(1, "pledge");
#endif
From 92635d98f54366d8841e281de9ce5fbc6edbd645 Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Thu, 21 Nov 2019 03:10:23 +0100
Subject: [PATCH 04/21] pledge: mflag needs cpath
---
mflag.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mflag.c b/mflag.c
index 991c070..c00c887 100644
--- a/mflag.c
+++ b/mflag.c
@@ -136,7 +136,7 @@ main(int argc, char *argv[])
}
#if defined(__OpenBSD__)
- if (pledge("stdio rpath tty", NULL) == -1)
+ if (pledge("stdio rpath cpath tty", NULL) == -1)
err(1, "pledge");
#endif
From 89690a6a9f813961df8de1dd923ba021fb42f44f Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Thu, 21 Nov 2019 11:25:45 +0100
Subject: [PATCH 05/21] pledge: mdeliver needs rpath cpath
---
mdeliver.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mdeliver.c b/mdeliver.c
index e9286c4..f123d01 100644
--- a/mdeliver.c
+++ b/mdeliver.c
@@ -342,7 +342,7 @@ main(int argc, char *argv[])
goto usage2;
#if defined(__OpenBSD__)
- if (pledge("stdio wpath", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath", NULL) == -1)
err(1, "pledge");
#endif
From 3947521b9fa778ffc3c861f473bb146d1fe93756 Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Thu, 21 Nov 2019 16:10:52 +0100
Subject: [PATCH 06/21] pledge: mshow needs fork and exec
---
mshow.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/mshow.c b/mshow.c
index 517376d..79c3492 100644
--- a/mshow.c
+++ b/mshow.c
@@ -796,7 +796,7 @@ main(int argc, char *argv[])
safe_output = 1;
#if defined(__OpenBSD__)
- if (pledge("stdio rpath tty cpath proc", NULL) == -1)
+ if (pledge("stdio rpath tty cpath proc exec", NULL) == -1)
err(1, "pledge");
#endif
@@ -821,11 +821,6 @@ main(int argc, char *argv[])
}
}
-#if defined(__OpenBSD__)
- if (pledge("stdio rpath cpath tty", NULL) == -1)
- err(1, "pledge");
-#endif
-
if (xflag) { // extract
extract(xflag, argc-optind, argv+optind, 0);
} else if (Oflag) { // extract to stdout
From b8bb7e9bb98075c1d3d9a30c92300c450f43392f Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Fri, 22 Nov 2019 10:27:48 +0100
Subject: [PATCH 07/21] pledge: mshow needs wpath
---
mshow.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mshow.c b/mshow.c
index 79c3492..45bb2cf 100644
--- a/mshow.c
+++ b/mshow.c
@@ -796,7 +796,7 @@ main(int argc, char *argv[])
safe_output = 1;
#if defined(__OpenBSD__)
- if (pledge("stdio rpath tty cpath proc exec", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath tty proc exec", NULL) == -1)
err(1, "pledge");
#endif
From 7cef953d502900dbe2f458a6f2a959aad48c7f9d Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Fri, 22 Nov 2019 21:30:09 +0100
Subject: [PATCH 08/21] new xpledge.h
---
xpledge.h | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 xpledge.h
diff --git a/xpledge.h b/xpledge.h
new file mode 100644
index 0000000..0e472e0
--- /dev/null
+++ b/xpledge.h
@@ -0,0 +1,22 @@
+#ifndef PLEDGE_H
+#define PLEDGE_H
+
+#ifdef __OpenBSD__
+
+#include <err.h>
+#include <unistd.h>
+
+void
+xpledge(const char *promises, const char *execpromises)
+{
+ if (pledge(promises, execpromises) == -1)
+ err(1, "pledge");
+}
+
+#endif /* __OpenBSD__ */
+
+#elif
+
+#define xpledge(promises, execpromises)) 0
+
+#endif /* PLEDGE_H */
From b3c61d26ca8da5b3e64f52686100d3e2135b3f31 Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Fri, 22 Nov 2019 21:48:40 +0100
Subject: [PATCH 09/21] replace ifdef OpenBSD with new xpledge()
ed(1) rocks!
---
maddr.c | 6 ++----
magrep.c | 6 ++----
mdeliver.c | 6 ++----
mdirs.c | 6 ++----
mexport.c | 6 ++----
mflag.c | 6 ++----
mgenmid.c | 6 ++----
mhdr.c | 6 ++----
minc.c | 6 ++----
mlist.c | 6 ++----
mmime.c | 6 ++----
mscan.c | 6 ++----
msed.c | 6 ++----
mseq.c | 6 ++----
mshow.c | 6 ++----
msort.c | 6 ++----
mthread.c | 7 +++----
17 files changed, 35 insertions(+), 68 deletions(-)
diff --git a/maddr.c b/maddr.c
index 95d20b0..e8784d9 100644
--- a/maddr.c
+++ b/maddr.c
@@ -8,6 +8,7 @@
#include <unistd.h>
#include "blaze822.h"
+#include "xpledge.h"
static int aflag;
static int dflag;
@@ -109,10 +110,7 @@ main(int argc, char *argv[])
exit(1);
}
-#if defined(__OpenBSD__)
- if (pledge("stdio rpath tty", NULL) == -1)
- err(1, "pledge");
-#endif
+ xpledge("stdio rpath tty", NULL);
if (argc == optind && isatty(0))
blaze822_loop1(":", addr);
diff --git a/magrep.c b/magrep.c
index 02b77a8..bcd488d 100644
--- a/magrep.c
+++ b/magrep.c
@@ -11,6 +11,7 @@
#include <unistd.h>
#include "blaze822.h"
+#include "xpledge.h"
static int aflag;
static int cflag;
@@ -219,10 +220,7 @@ main(int argc, char *argv[])
if (!rx)
goto usage;
-#if defined(__OpenBSD__)
- if (pledge("stdio rpath tty", NULL) == -1)
- err(1, "pledge");
-#endif
+ xpledge("stdio rpath tty", NULL);
*rx++ = 0;
int r = regcomp(&pattern, rx, REG_EXTENDED | iflag);
diff --git a/mdeliver.c b/mdeliver.c
index f123d01..6853fa7 100644
--- a/mdeliver.c
+++ b/mdeliver.c
@@ -14,6 +14,7 @@
#include <unistd.h>
#include "blaze822.h"
+#include "xpledge.h"
/*
design rationale:
@@ -341,10 +342,7 @@ main(int argc, char *argv[])
if (argc != optind+1)
goto usage2;
-#if defined(__OpenBSD__)
- if (pledge("stdio rpath wpath cpath", NULL) == -1)
- err(1, "pledge");
-#endif
+ xpledge("stdio rpath wpath cpath", NULL);
targetdir = argv[optind];
diff --git a/mdirs.c b/mdirs.c
index 8576634..ba57f90 100644
--- a/mdirs.c
+++ b/mdirs.c
@@ -10,6 +10,7 @@
#include "blaze822.h"
#include "blaze822_priv.h"
+#include "xpledge.h"
static char sep = '\n';
int aflag;
@@ -89,10 +90,7 @@ main(int argc, char *argv[])
if (argc == optind)
goto usage;
-#if defined(__OpenBSD__)
- if (pledge("stdio rpath tty", NULL) == -1)
- err(1, "pledge");
-#endif
+ xpledge("stdio rpath tty", NULL);
char toplevel[PATH_MAX];
if (!getcwd(toplevel, sizeof toplevel)) {
diff --git a/mexport.c b/mexport.c
index 685263c..7152251 100644
--- a/mexport.c
+++ b/mexport.c
@@ -11,6 +11,7 @@
#include <unistd.h>
#include "blaze822.h"
+#include "xpledge.h"
static int Sflag;
@@ -142,10 +143,7 @@ main(int argc, char *argv[])
status = 0;
-#if defined(__OpenBSD__)
- if (pledge("stdio rpath tty", NULL) == -1)
- err(1, "pledge");
-#endif
+ xpledge("stdio rpath tty", NULL);
if (argc == optind && isatty(0))
blaze822_loop1(":", export);
diff --git a/mflag.c b/mflag.c
index c00c887..6a01b74 100644
--- a/mflag.c
+++ b/mflag.c
@@ -14,6 +14,7 @@
#include "blaze822.h"
#include "blaze822_priv.h"
+#include "xpledge.h"
static int8_t flags[255];
static int vflag = 0;
@@ -135,10 +136,7 @@ main(int argc, char *argv[])
exit(1);
}
-#if defined(__OpenBSD__)
- if (pledge("stdio rpath cpath tty", NULL) == -1)
- err(1, "pledge");
-#endif
+ xpledge("stdio rpath cpath tty", NULL);
curfile = blaze822_seq_cur();
diff --git a/mgenmid.c b/mgenmid.c
index b214337..7642e5f 100644
--- a/mgenmid.c
+++ b/mgenmid.c
@@ -14,6 +14,7 @@
#include <unistd.h>
#include "blaze822.h"
+#include "xpledge.h"
void
printb36(uint64_t x)
@@ -37,10 +38,7 @@ int main()
char *f = blaze822_home_file("profile");
struct message *config = blaze822(f);
-#if defined(__OpenBSD__)
- if (pledge("stdio rpath tty", NULL) == -1)
- err(1, "pledge");
-#endif
+ xpledge("stdio rpath tty", NULL);
if (config) // try FQDN: first
host = blaze822_hdr(config, "fqdn");
diff --git a/mhdr.c b/mhdr.c
index f957bed..1babffe 100644
--- a/mhdr.c
+++ b/mhdr.c
@@ -11,6 +11,7 @@
#include <unistd.h>
#include "blaze822.h"
+#include "xpledge.h"
static char *hflag;
static char *pflag;
@@ -246,10 +247,7 @@ main(int argc, char *argv[])
status = 1;
-#if defined(__OpenBSD__)
- if (pledge("stdio rpath tty", NULL) == -1)
- err(1, "pledge");
-#endif
+ xpledge("stdio rpath tty", NULL);
if (argc == optind && isatty(0))
blaze822_loop1(".", header);
diff --git a/minc.c b/minc.c
index c8ab63f..0a80749 100644
--- a/minc.c
+++ b/minc.c
@@ -13,6 +13,7 @@
#include "blaze822.h"
#include "blaze822_priv.h"
+#include "xpledge.h"
static int qflag;
static int status;
@@ -77,10 +78,7 @@ main(int argc, char *argv[])
if (optind == argc)
goto usage;
-#if defined(__OpenBSD__)
- if (pledge("stdio rpath cpath tty", NULL) == -1)
- err(1, "pledge");
-#endif
+ xpledge("stdio rpath cpath tty", NULL);
status = 0;
for (i = optind; i < argc; i++)
diff --git a/mlist.c b/mlist.c
index 1080c4e..bbc41de 100644
--- a/mlist.c
+++ b/mlist.c
@@ -14,6 +14,7 @@
#include "blaze822.h"
#include "blaze822_priv.h"
+#include "xpledge.h"
/*
@@ -273,10 +274,7 @@ main(int argc, char *argv[])
int i;
-#if defined(__OpenBSD__)
- if (pledge("stdio rpath tty", NULL) == -1)
- err(1, "pledge");
-#endif
+ xpledge("stdio rpath tty", NULL);
for (i = 0, flagsum = 0, flagset = 0; (size_t)i < sizeof flags; i++) {
if (flags[i] != 0)
diff --git a/mmime.c b/mmime.c
index c8cd803..95ffb3e 100644
--- a/mmime.c
+++ b/mmime.c
@@ -16,6 +16,7 @@
#include <unistd.h>
#include "blaze822.h"
+#include "xpledge.h"
static int cflag;
static int rflag;
@@ -504,10 +505,7 @@ main(int argc, char *argv[])
if (argc != optind)
goto usage;
-#if defined(__OpenBSD__)
- if (pledge("stdio rpath tty", NULL) == -1)
- err(1, "pledge");
-#endif
+ xpledge("stdio rpath tty", NULL);
if (cflag)
return check();
diff --git a/mscan.c b/mscan.c
index f22d0b8..44ff9bf 100644
--- a/mscan.c
+++ b/mscan.c
@@ -18,6 +18,7 @@
#include <wchar.h>
#include "blaze822.h"
+#include "xpledge.h"
#include "u8decode.h"
static int cols;
@@ -548,10 +549,7 @@ main(int argc, char *argv[])
exit(1);
}
-#if defined(__OpenBSD__)
- if (pledge("stdio rpath tty", NULL) == -1)
- err(1, "pledge");
-#endif
+ xpledge("stdio rpath tty", NULL);
if (nflag) {
if (argc == optind && isatty(0))
diff --git a/msed.c b/msed.c
index 1687c52..98a32c3 100644
--- a/msed.c
+++ b/msed.c
@@ -12,6 +12,7 @@
#include <unistd.h>
#include "blaze822.h"
+#include "xpledge.h"
static char *expr;
@@ -324,10 +325,7 @@ main(int argc, char *argv[])
exit(1);
}
-#if defined(__OpenBSD__)
- if (pledge("stdio rpath tty", NULL) == -1)
- err(1, "pledge");
-#endif
+ xpledge("stdio rpath tty", NULL);
expr = argv[optind];
optind++;
diff --git a/mseq.c b/mseq.c
index 0707416..86846ec 100644
--- a/mseq.c
+++ b/mseq.c
@@ -14,6 +14,7 @@
#include "blaze822.h"
#include "blaze822_priv.h"
+#include "xpledge.h"
static int fflag;
static int rflag;
@@ -299,10 +300,7 @@ main(int argc, char *argv[])
exit(1);
}
-#if defined(__OpenBSD__)
- if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
- err(1, "pledge");
-#endif
+ xpledge("stdio rpath wpath cpath tty", NULL);
if (cflag)
blaze822_loop1(cflag, overridecur);
diff --git a/mshow.c b/mshow.c
index 45bb2cf..4162b7e 100644
--- a/mshow.c
+++ b/mshow.c
@@ -15,6 +15,7 @@
#include <unistd.h>
#include "blaze822.h"
+#include "xpledge.h"
static int Bflag;
static int rflag;
@@ -795,10 +796,7 @@ main(int argc, char *argv[])
if (!rflag && !xflag && !Oflag && !Rflag)
safe_output = 1;
-#if defined(__OpenBSD__)
- if (pledge("stdio rpath wpath cpath tty proc exec", NULL) == -1)
- err(1, "pledge");
-#endif
+ xpledge("stdio rpath wpath cpath tty proc exec", NULL);
if (safe_output && isatty(1)) {
char *pg;
diff --git a/msort.c b/msort.c
index 03f730a..18a6969 100644
--- a/msort.c
+++ b/msort.c
@@ -11,6 +11,7 @@
#include <unistd.h>
#include "blaze822.h"
+#include "xpledge.h"
struct mail {
char *file;
@@ -317,10 +318,7 @@ main(int argc, char *argv[])
exit(1);
}
-#if defined(__OpenBSD__)
- if (pledge("stdio rpath tty", NULL) == -1)
- err(1, "pledge");
-#endif
+ xpledge("stdio rpath tty", NULL);
mails = calloc(sizeof (struct mail), mailalloc);
if (!mails)
diff --git a/mthread.c b/mthread.c
index 64e86d2..9b0013e 100644
--- a/mthread.c
+++ b/mthread.c
@@ -20,6 +20,7 @@
#include <unistd.h>
#include "blaze822.h"
+#include "xpledge.h"
static int vflag;
static int pflag;
@@ -420,10 +421,8 @@ main(int argc, char *argv[])
optional = 1;
-#if defined(__OpenBSD__)
- if (pledge("stdio rpath tty", NULL) == -1)
- err(1, "pledge");
-#endif
+ xpledge("stdio rpath tty", NULL);
+
while ((c = getopt(argc, argv, "S:prv")) != -1)
switch (c) {
case 'S': blaze822_loop1(optarg, thread); break;
From 56a3892feaf549fb8c08696511cd3b58df587eb7 Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Fri, 22 Nov 2019 22:54:34 +0100
Subject: [PATCH 10/21] mshow: more strict pledges
* drop tty
* drop proc, exec when using -x -O -t -R
* drop wpath, cpath when using -O -t -R
Normal operation without any option still retains the original set of
pledges.
---
mshow.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/mshow.c b/mshow.c
index 4162b7e..fa9d9d1 100644
--- a/mshow.c
+++ b/mshow.c
@@ -793,11 +793,11 @@ main(int argc, char *argv[])
exit(1);
}
+ xpledge("stdio rpath wpath cpath proc exec", NULL);
+
if (!rflag && !xflag && !Oflag && !Rflag)
safe_output = 1;
- xpledge("stdio rpath wpath cpath tty proc exec", NULL);
-
if (safe_output && isatty(1)) {
char *pg;
pg = getenv("MBLAZE_PAGER");
@@ -820,17 +820,22 @@ main(int argc, char *argv[])
}
if (xflag) { // extract
+ xpledge("stdio rpath wpath cpath", NULL);
extract(xflag, argc-optind, argv+optind, 0);
} else if (Oflag) { // extract to stdout
+ xpledge("stdio rpath", NULL);
extract(Oflag, argc-optind, argv+optind, 1);
} else if (tflag) { // list
+ xpledge("stdio rpath", NULL);
if (argc == optind && isatty(0))
blaze822_loop1(".", list);
else
blaze822_loop(argc-optind, argv+optind, list);
} else if (Rflag) { // render for reply
+ xpledge("stdio rpath", NULL);
blaze822_loop(argc-optind, argv+optind, reply);
} else { // show
+ /* XXX pledge: still r/w on the whole file-system + fork/exec */
if (!(qflag || rflag || Fflag)) {
char *f = getenv("MAILFILTER");
if (!f)
From cc6c4001a5d500028b4c550d3759ada0ddc8cfca Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Thu, 12 Dec 2019 01:50:17 +0100
Subject: [PATCH 11/21] mpick: pledge "stdio rpath"
---
mpick.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/mpick.c b/mpick.c
index bff0cc3..93bbafb 100644
--- a/mpick.c
+++ b/mpick.c
@@ -43,6 +43,7 @@
#include <wchar.h>
#include "blaze822.h"
+#include "xpledge.h"
enum op {
EXPR_OR = 1,
@@ -1463,6 +1464,8 @@ main(int argc, char *argv[])
exit(1);
}
+ xpledge("stdio rpath", "");
+
void *cb = need_thr ? collect : oneline;
if (argc == optind && isatty(0))
i = blaze822_loop1(":", cb);
From 578831ce287f18c32b119faddb451ac597cfe523 Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Thu, 12 Dec 2019 01:59:01 +0100
Subject: [PATCH 12/21] mlist: more strict pledge
* drop tty
* disable execpromises
---
mlist.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mlist.c b/mlist.c
index bbc41de..5f4535d 100644
--- a/mlist.c
+++ b/mlist.c
@@ -274,7 +274,7 @@ main(int argc, char *argv[])
int i;
- xpledge("stdio rpath tty", NULL);
+ xpledge("stdio rpath", "");
for (i = 0, flagsum = 0, flagset = 0; (size_t)i < sizeof flags; i++) {
if (flags[i] != 0)
From 7fdab22d8994af8b7898bec64d660351bfd74448 Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Sat, 14 Dec 2019 14:38:33 +0100
Subject: [PATCH 13/21] disable all execpromises where exec is not promised
---
maddr.c | 2 +-
magrep.c | 2 +-
mdeliver.c | 2 +-
mdirs.c | 2 +-
mexport.c | 2 +-
mflag.c | 2 +-
mgenmid.c | 2 +-
mhdr.c | 2 +-
minc.c | 2 +-
mmime.c | 2 +-
mscan.c | 2 +-
msed.c | 2 +-
mseq.c | 2 +-
msort.c | 2 +-
mthread.c | 2 +-
15 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/maddr.c b/maddr.c
index e8784d9..fbe2f9b 100644
--- a/maddr.c
+++ b/maddr.c
@@ -110,7 +110,7 @@ main(int argc, char *argv[])
exit(1);
}
- xpledge("stdio rpath tty", NULL);
+ xpledge("stdio rpath tty", "");
if (argc == optind && isatty(0))
blaze822_loop1(":", addr);
diff --git a/magrep.c b/magrep.c
index bcd488d..9c78078 100644
--- a/magrep.c
+++ b/magrep.c
@@ -220,7 +220,7 @@ main(int argc, char *argv[])
if (!rx)
goto usage;
- xpledge("stdio rpath tty", NULL);
+ xpledge("stdio rpath tty", "");
*rx++ = 0;
int r = regcomp(&pattern, rx, REG_EXTENDED | iflag);
diff --git a/mdeliver.c b/mdeliver.c
index 6853fa7..e66aa7a 100644
--- a/mdeliver.c
+++ b/mdeliver.c
@@ -342,7 +342,7 @@ main(int argc, char *argv[])
if (argc != optind+1)
goto usage2;
- xpledge("stdio rpath wpath cpath", NULL);
+ xpledge("stdio rpath wpath cpath", "");
targetdir = argv[optind];
diff --git a/mdirs.c b/mdirs.c
index ba57f90..7946372 100644
--- a/mdirs.c
+++ b/mdirs.c
@@ -90,7 +90,7 @@ main(int argc, char *argv[])
if (argc == optind)
goto usage;
- xpledge("stdio rpath tty", NULL);
+ xpledge("stdio rpath tty", "");
char toplevel[PATH_MAX];
if (!getcwd(toplevel, sizeof toplevel)) {
diff --git a/mexport.c b/mexport.c
index 7152251..4fc0ea3 100644
--- a/mexport.c
+++ b/mexport.c
@@ -143,7 +143,7 @@ main(int argc, char *argv[])
status = 0;
- xpledge("stdio rpath tty", NULL);
+ xpledge("stdio rpath tty", "");
if (argc == optind && isatty(0))
blaze822_loop1(":", export);
diff --git a/mflag.c b/mflag.c
index 6a01b74..c25b91c 100644
--- a/mflag.c
+++ b/mflag.c
@@ -136,7 +136,7 @@ main(int argc, char *argv[])
exit(1);
}
- xpledge("stdio rpath cpath tty", NULL);
+ xpledge("stdio rpath cpath tty", "");
curfile = blaze822_seq_cur();
diff --git a/mgenmid.c b/mgenmid.c
index 7642e5f..ec68898 100644
--- a/mgenmid.c
+++ b/mgenmid.c
@@ -38,7 +38,7 @@ int main()
char *f = blaze822_home_file("profile");
struct message *config = blaze822(f);
- xpledge("stdio rpath tty", NULL);
+ xpledge("stdio rpath tty", "");
if (config) // try FQDN: first
host = blaze822_hdr(config, "fqdn");
diff --git a/mhdr.c b/mhdr.c
index 1babffe..1701262 100644
--- a/mhdr.c
+++ b/mhdr.c
@@ -247,7 +247,7 @@ main(int argc, char *argv[])
status = 1;
- xpledge("stdio rpath tty", NULL);
+ xpledge("stdio rpath tty", "");
if (argc == optind && isatty(0))
blaze822_loop1(".", header);
diff --git a/minc.c b/minc.c
index 0a80749..53b9421 100644
--- a/minc.c
+++ b/minc.c
@@ -78,7 +78,7 @@ main(int argc, char *argv[])
if (optind == argc)
goto usage;
- xpledge("stdio rpath cpath tty", NULL);
+ xpledge("stdio rpath cpath tty", "");
status = 0;
for (i = optind; i < argc; i++)
diff --git a/mmime.c b/mmime.c
index 95ffb3e..18b0209 100644
--- a/mmime.c
+++ b/mmime.c
@@ -505,7 +505,7 @@ main(int argc, char *argv[])
if (argc != optind)
goto usage;
- xpledge("stdio rpath tty", NULL);
+ xpledge("stdio rpath tty", "");
if (cflag)
return check();
diff --git a/mscan.c b/mscan.c
index 44ff9bf..fe5d089 100644
--- a/mscan.c
+++ b/mscan.c
@@ -549,7 +549,7 @@ main(int argc, char *argv[])
exit(1);
}
- xpledge("stdio rpath tty", NULL);
+ xpledge("stdio rpath tty", "");
if (nflag) {
if (argc == optind && isatty(0))
diff --git a/msed.c b/msed.c
index 98a32c3..dca2c61 100644
--- a/msed.c
+++ b/msed.c
@@ -325,7 +325,7 @@ main(int argc, char *argv[])
exit(1);
}
- xpledge("stdio rpath tty", NULL);
+ xpledge("stdio rpath tty", "");
expr = argv[optind];
optind++;
diff --git a/mseq.c b/mseq.c
index 86846ec..c685962 100644
--- a/mseq.c
+++ b/mseq.c
@@ -300,7 +300,7 @@ main(int argc, char *argv[])
exit(1);
}
- xpledge("stdio rpath wpath cpath tty", NULL);
+ xpledge("stdio rpath wpath cpath tty", "");
if (cflag)
blaze822_loop1(cflag, overridecur);
diff --git a/msort.c b/msort.c
index 18a6969..0f40da7 100644
--- a/msort.c
+++ b/msort.c
@@ -318,7 +318,7 @@ main(int argc, char *argv[])
exit(1);
}
- xpledge("stdio rpath tty", NULL);
+ xpledge("stdio rpath tty", "");
mails = calloc(sizeof (struct mail), mailalloc);
if (!mails)
diff --git a/mthread.c b/mthread.c
index 9b0013e..ade118f 100644
--- a/mthread.c
+++ b/mthread.c
@@ -421,7 +421,7 @@ main(int argc, char *argv[])
optional = 1;
- xpledge("stdio rpath tty", NULL);
+ xpledge("stdio rpath tty", "");
while ((c = getopt(argc, argv, "S:prv")) != -1)
switch (c) {
From a24680201853d364f7c29dc976bd27574ff88bf4 Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Sat, 14 Dec 2019 22:26:27 +0100
Subject: [PATCH 14/21] remove tty promise from most programs
Anything that does not working with /dev/tty probably does not need to
promise tty.
Only mscan and mflow open /dev/tty. mflow is not yet pledged, and mscan
now drops tty as soon as it's done issuing it's TIOCGWINSZ.
---
maddr.c | 2 +-
magrep.c | 2 +-
mdirs.c | 2 +-
mexport.c | 2 +-
mflag.c | 2 +-
mgenmid.c | 2 +-
mhdr.c | 2 +-
minc.c | 2 +-
mmime.c | 2 +-
mscan.c | 3 +++
msed.c | 2 +-
mseq.c | 2 +-
msort.c | 2 +-
mthread.c | 2 +-
14 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/maddr.c b/maddr.c
index fbe2f9b..27b3245 100644
--- a/maddr.c
+++ b/maddr.c
@@ -110,7 +110,7 @@ main(int argc, char *argv[])
exit(1);
}
- xpledge("stdio rpath tty", "");
+ xpledge("stdio rpath", "");
if (argc == optind && isatty(0))
blaze822_loop1(":", addr);
diff --git a/magrep.c b/magrep.c
index 9c78078..2547eb1 100644
--- a/magrep.c
+++ b/magrep.c
@@ -220,7 +220,7 @@ main(int argc, char *argv[])
if (!rx)
goto usage;
- xpledge("stdio rpath tty", "");
+ xpledge("stdio rpath", "");
*rx++ = 0;
int r = regcomp(&pattern, rx, REG_EXTENDED | iflag);
diff --git a/mdirs.c b/mdirs.c
index 7946372..23d7792 100644
--- a/mdirs.c
+++ b/mdirs.c
@@ -90,7 +90,7 @@ main(int argc, char *argv[])
if (argc == optind)
goto usage;
- xpledge("stdio rpath tty", "");
+ xpledge("stdio rpath", "");
char toplevel[PATH_MAX];
if (!getcwd(toplevel, sizeof toplevel)) {
diff --git a/mexport.c b/mexport.c
index 4fc0ea3..8df8fec 100644
--- a/mexport.c
+++ b/mexport.c
@@ -143,7 +143,7 @@ main(int argc, char *argv[])
status = 0;
- xpledge("stdio rpath tty", "");
+ xpledge("stdio rpath", "");
if (argc == optind && isatty(0))
blaze822_loop1(":", export);
diff --git a/mflag.c b/mflag.c
index c25b91c..86fccae 100644
--- a/mflag.c
+++ b/mflag.c
@@ -136,7 +136,7 @@ main(int argc, char *argv[])
exit(1);
}
- xpledge("stdio rpath cpath tty", "");
+ xpledge("stdio rpath cpath", "");
curfile = blaze822_seq_cur();
diff --git a/mgenmid.c b/mgenmid.c
index ec68898..fde69c3 100644
--- a/mgenmid.c
+++ b/mgenmid.c
@@ -38,7 +38,7 @@ int main()
char *f = blaze822_home_file("profile");
struct message *config = blaze822(f);
- xpledge("stdio rpath tty", "");
+ xpledge("stdio rpath", "");
if (config) // try FQDN: first
host = blaze822_hdr(config, "fqdn");
diff --git a/mhdr.c b/mhdr.c
index 1701262..b17adb1 100644
--- a/mhdr.c
+++ b/mhdr.c
@@ -247,7 +247,7 @@ main(int argc, char *argv[])
status = 1;
- xpledge("stdio rpath tty", "");
+ xpledge("stdio rpath", "");
if (argc == optind && isatty(0))
blaze822_loop1(".", header);
diff --git a/minc.c b/minc.c
index 53b9421..6a05d59 100644
--- a/minc.c
+++ b/minc.c
@@ -78,7 +78,7 @@ main(int argc, char *argv[])
if (optind == argc)
goto usage;
- xpledge("stdio rpath cpath tty", "");
+ xpledge("stdio rpath cpath", "");
status = 0;
for (i = optind; i < argc; i++)
diff --git a/mmime.c b/mmime.c
index 18b0209..bad656c 100644
--- a/mmime.c
+++ b/mmime.c
@@ -505,7 +505,7 @@ main(int argc, char *argv[])
if (argc != optind)
goto usage;
- xpledge("stdio rpath tty", "");
+ xpledge("stdio rpath", "");
if (cflag)
return check();
diff --git a/mscan.c b/mscan.c
index fe5d089..693cb81 100644
--- a/mscan.c
+++ b/mscan.c
@@ -586,6 +586,9 @@ main(int argc, char *argv[])
}
if (ttyfd >= 0)
close(ttyfd);
+
+ xpledge("stdio rpath", "");
+
if (getenv("COLUMNS"))
cols = atoi(getenv("COLUMNS"));
if (cols <= 40)
diff --git a/msed.c b/msed.c
index dca2c61..e5fc06e 100644
--- a/msed.c
+++ b/msed.c
@@ -325,7 +325,7 @@ main(int argc, char *argv[])
exit(1);
}
- xpledge("stdio rpath tty", "");
+ xpledge("stdio rpath", "");
expr = argv[optind];
optind++;
diff --git a/mseq.c b/mseq.c
index c685962..14f50fb 100644
--- a/mseq.c
+++ b/mseq.c
@@ -300,7 +300,7 @@ main(int argc, char *argv[])
exit(1);
}
- xpledge("stdio rpath wpath cpath tty", "");
+ xpledge("stdio rpath wpath cpath", "");
if (cflag)
blaze822_loop1(cflag, overridecur);
diff --git a/msort.c b/msort.c
index 0f40da7..68efd46 100644
--- a/msort.c
+++ b/msort.c
@@ -318,7 +318,7 @@ main(int argc, char *argv[])
exit(1);
}
- xpledge("stdio rpath tty", "");
+ xpledge("stdio rpath", "");
mails = calloc(sizeof (struct mail), mailalloc);
if (!mails)
diff --git a/mthread.c b/mthread.c
index ade118f..cb8ebf5 100644
--- a/mthread.c
+++ b/mthread.c
@@ -421,7 +421,7 @@ main(int argc, char *argv[])
optional = 1;
- xpledge("stdio rpath tty", "");
+ xpledge("stdio rpath", "");
while ((c = getopt(argc, argv, "S:prv")) != -1)
switch (c) {
From 81d69d730518d220fa806b2af61535b3bd81e2e2 Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Sat, 14 Dec 2019 22:43:33 +0100
Subject: [PATCH 15/21] mflow: pledge "stdio rpath tty"
After determining the window size drop rpath and tty promises.
---
mflow.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/mflow.c b/mflow.c
index 41db508..af6755d 100644
--- a/mflow.c
+++ b/mflow.c
@@ -10,6 +10,7 @@
#include <unistd.h>
#include "blaze822.h"
+#include "xpledge.h"
int column = 0;
int maxcolumn = 80;
@@ -107,6 +108,8 @@ main(int argc, char *argv[])
int force = 0;
int delsp = 0;
+ xpledge("stdio rpath tty", "");
+
char *ct = getenv("PIPE_CONTENTTYPE");
if (ct) {
char *s, *se;
@@ -130,6 +133,8 @@ main(int argc, char *argv[])
}
}
+ xpledge("stdio", "");
+
char *maxcols = getenv("MAXCOLUMNS");
if (maxcols && isdigit(*maxcols)) {
int m = atoi(maxcols);
From b8f27ecd43bb63cced30cfbaa7b0ba20b1626544 Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Sat, 1 Aug 2020 18:18:58 +0200
Subject: [PATCH 16/21] mdate: pledge "stdio"
---
mdate.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/mdate.c b/mdate.c
index fb95d7c..793f65e 100644
--- a/mdate.c
+++ b/mdate.c
@@ -1,11 +1,17 @@
#include <time.h>
#include <unistd.h>
+#include "xpledge.h"
+
int
main()
{
char buf[64];
- time_t now = time(0);
+ time_t now;
+
+ xpledge("stdio", "");
+
+ now = time(0);
ssize_t l = strftime(buf, sizeof buf,
"%a, %d %b %Y %T %z\n", localtime(&now));
From 455ff28c33b45c1d806b5187c8bb4db4169af788 Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Sat, 1 Aug 2020 18:42:05 +0200
Subject: [PATCH 17/21] mscan: add pledge proc exec in case a pager is used
---
mscan.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mscan.c b/mscan.c
index 693cb81..272522e 100644
--- a/mscan.c
+++ b/mscan.c
@@ -549,7 +549,7 @@ main(int argc, char *argv[])
exit(1);
}
- xpledge("stdio rpath tty", "");
+ xpledge("stdio rpath tty proc exec", NULL);
if (nflag) {
if (argc == optind && isatty(0))
From 52b6df2cf86ff81d04ec9eed54e51fbdad95b181 Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Sat, 8 Aug 2020 14:38:01 +0200
Subject: [PATCH 18/21] remove err.h includes
This is a BSDism that is now only included in xpledge.h which is
guarded by an __OpenBSD__ ifdef.
---
maddr.c | 1 -
magrep.c | 1 -
mdeliver.c | 1 -
mdirs.c | 1 -
mexport.c | 1 -
mflag.c | 1 -
mgenmid.c | 1 -
mhdr.c | 1 -
minc.c | 1 -
mlist.c | 1 -
mmime.c | 1 -
mscan.c | 1 -
msed.c | 1 -
mseq.c | 1 -
mshow.c | 1 -
msort.c | 1 -
mthread.c | 1 -
17 files changed, 17 deletions(-)
diff --git a/maddr.c b/maddr.c
index 27b3245..0169458 100644
--- a/maddr.c
+++ b/maddr.c
@@ -1,6 +1,5 @@
#include <sys/types.h>
-#include <err.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
diff --git a/magrep.c b/magrep.c
index 2547eb1..6f93a57 100644
--- a/magrep.c
+++ b/magrep.c
@@ -2,7 +2,6 @@
#include <sys/types.h>
#include <ctype.h>
-#include <err.h>
#include <errno.h>
#include <regex.h>
#include <stdio.h>
diff --git a/mdeliver.c b/mdeliver.c
index e66aa7a..161cea5 100644
--- a/mdeliver.c
+++ b/mdeliver.c
@@ -3,7 +3,6 @@
#include <sys/types.h>
#include <dirent.h>
-#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
diff --git a/mdirs.c b/mdirs.c
index 23d7792..5f49906 100644
--- a/mdirs.c
+++ b/mdirs.c
@@ -2,7 +2,6 @@
#include <sys/types.h>
#include <dirent.h>
-#include <err.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
diff --git a/mexport.c b/mexport.c
index 8df8fec..d758d0c 100644
--- a/mexport.c
+++ b/mexport.c
@@ -2,7 +2,6 @@
#include <sys/types.h>
#include <ctype.h>
-#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
diff --git a/mflag.c b/mflag.c
index 86fccae..ddf633c 100644
--- a/mflag.c
+++ b/mflag.c
@@ -1,7 +1,6 @@
#include <sys/types.h>
#include <dirent.h>
-#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
diff --git a/mgenmid.c b/mgenmid.c
index fde69c3..eb161cf 100644
--- a/mgenmid.c
+++ b/mgenmid.c
@@ -3,7 +3,6 @@
#include <sys/time.h>
#include <sys/types.h>
-#include <err.h>
#include <fcntl.h>
#include <netdb.h>
#include <stdint.h>
diff --git a/mhdr.c b/mhdr.c
index b17adb1..d434d1d 100644
--- a/mhdr.c
+++ b/mhdr.c
@@ -2,7 +2,6 @@
#include <sys/types.h>
#include <ctype.h>
-#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
diff --git a/minc.c b/minc.c
index 6a05d59..c1d28fd 100644
--- a/minc.c
+++ b/minc.c
@@ -1,7 +1,6 @@
#include <sys/types.h>
#include <dirent.h>
-#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
diff --git a/mlist.c b/mlist.c
index 5f4535d..5debf99 100644
--- a/mlist.c
+++ b/mlist.c
@@ -3,7 +3,6 @@
#include <sys/stat.h>
#include <dirent.h>
-#include <err.h>
#include <fcntl.h>
#include <limits.h>
#include <stdint.h>
diff --git a/mmime.c b/mmime.c
index bad656c..8064b10 100644
--- a/mmime.c
+++ b/mmime.c
@@ -2,7 +2,6 @@
#include <sys/types.h>
#include <dirent.h>
-#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
diff --git a/mscan.c b/mscan.c
index 272522e..deda213 100644
--- a/mscan.c
+++ b/mscan.c
@@ -5,7 +5,6 @@
#include <sys/types.h>
#include <ctype.h>
-#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <locale.h>
diff --git a/msed.c b/msed.c
index e5fc06e..7bb0b82 100644
--- a/msed.c
+++ b/msed.c
@@ -2,7 +2,6 @@
#include <sys/types.h>
#include <ctype.h>
-#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <regex.h>
diff --git a/mseq.c b/mseq.c
index 14f50fb..befbdda 100644
--- a/mseq.c
+++ b/mseq.c
@@ -2,7 +2,6 @@
#include <sys/stat.h>
#include <dirent.h>
-#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
diff --git a/mshow.c b/mshow.c
index fa9d9d1..140b1ed 100644
--- a/mshow.c
+++ b/mshow.c
@@ -2,7 +2,6 @@
#include <sys/types.h>
#include <ctype.h>
-#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <fnmatch.h>
diff --git a/msort.c b/msort.c
index 68efd46..2a83789 100644
--- a/msort.c
+++ b/msort.c
@@ -2,7 +2,6 @@
#include <sys/types.h>
#include <ctype.h>
-#include <err.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
diff --git a/mthread.c b/mthread.c
index cb8ebf5..9d718fc 100644
--- a/mthread.c
+++ b/mthread.c
@@ -8,7 +8,6 @@
#include <sys/stat.h>
#include <sys/types.h>
-#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <search.h>
From b0fa2602fd9c9e81860ba3cd71021b02cad9ba7b Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Sat, 8 Aug 2020 14:39:40 +0200
Subject: [PATCH 19/21] make xpledge() static
---
xpledge.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xpledge.h b/xpledge.h
index 0e472e0..41681df 100644
--- a/xpledge.h
+++ b/xpledge.h
@@ -6,7 +6,7 @@
#include <err.h>
#include <unistd.h>
-void
+static void
xpledge(const char *promises, const char *execpromises)
{
if (pledge(promises, execpromises) == -1)
From 7fca1fe2cee995cca5a310fe44146199d415d06e Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Sat, 8 Aug 2020 15:58:41 +0200
Subject: [PATCH 20/21] Revert "mscan: replace _XOPEN_SOURCE 700 with
_GNU_SOURCE"
This reverts commit ddda73d8a33b8f34a50b4f94651a246036763e6e.
---
mscan.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/mscan.c b/mscan.c
index deda213..f7ad227 100644
--- a/mscan.c
+++ b/mscan.c
@@ -1,4 +1,6 @@
-#define _GNU_SOURCE
+#ifndef _XOPEN_SOURCE
+#define _XOPEN_SOURCE 700
+#endif
#include <sys/ioctl.h>
#include <sys/stat.h>
From c693e5f6e33f21f784f56983581039fd434d98e8 Mon Sep 17 00:00:00 2001
From: Tim Kuijsten <info+git@netsend.nl>
Date: Sat, 8 Aug 2020 16:10:23 +0200
Subject: [PATCH 21/21] mscan: make sure pledge is defined
This fixes the following compiler warning:
./xpledge.h:12:6: warning: implicit declaration of function 'pledge' is invalid
in C99 [-Wimplicit-function-declaration]
---
mscan.c | 3 ++-
xpledge.h | 4 ++++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/mscan.c b/mscan.c
index f7ad227..52ba9a4 100644
--- a/mscan.c
+++ b/mscan.c
@@ -2,6 +2,8 @@
#define _XOPEN_SOURCE 700
#endif
+#include "xpledge.h"
+
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/types.h>
@@ -19,7 +21,6 @@
#include <wchar.h>
#include "blaze822.h"
-#include "xpledge.h"
#include "u8decode.h"
static int cols;
diff --git a/xpledge.h b/xpledge.h
index 41681df..f0fb9a0 100644
--- a/xpledge.h
+++ b/xpledge.h
@@ -3,6 +3,10 @@
#ifdef __OpenBSD__
+#ifndef _BSD_SOURCE
+#define _BSD_SOURCE
+#endif
+
#include <err.h>
#include <unistd.h>
next prev parent reply other threads:[~2020-08-08 14:12 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <gh-mailinglist-notifications-fa6558a0-26e0-48f6-803f-f5a8af34f6a8-mblaze-179@inbox.vuxu.org>
2020-08-03 17:43 ` leahneukirchen
2020-08-08 14:12 ` timkuijsten [this message]
2020-08-08 14:18 ` timkuijsten
2020-08-12 8:43 ` leahneukirchen
2020-08-13 13:55 ` [PR PATCH] [Updated] " timkuijsten
2020-08-13 14:03 ` timkuijsten
2020-09-06 14:35 ` [PR PATCH] [Closed]: " leahneukirchen
2020-09-06 14:35 ` leahneukirchen
2020-09-10 17:46 ` timkuijsten
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200808141229.PXy7OCFi4JRNfFMFffdN8mUhAaVdjxlRm8hMnVJVdSs@z \
--to=timkuijsten@users.noreply.github.com \
--cc=ml@inbox.vuxu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).