The file(1) magic-parsing process was using pledge "stdio getpw proc recvfd"

early on, then a set of getpwnam/setresuid/... before quickly dropping to
"stdio recvfd".  It receives fd's and runs the magic code on them in a
chroot'd "stdio" jail.  We can do better than that.

Before the recent change, "proc" contained both the concepts of "forking"
and "setuid".  "id" is now split out as a seperate request, and it is
exactly what this process needs momentarily.  So this loses another window
of opportunity, in case we have a major bug in .... hmm, it'd have to be
in getpwnam....

ok tedu doug semarie gilles

diff --git a/usr.bin/file/file.c b/usr.bin/file/file.c
index 65ae402..4462cbd 100644 (file)
--- a/usr.bin/file/file.c
+++ b/usr.bin/file/file.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: file.c,v 1.52 2015/10/09 01:37:07 deraadt Exp $ */
+/* $OpenBSD: file.c,v 1.53 2015/10/17 04:41:37 deraadt Exp $ */
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -351,7 +351,7 @@ child(int fd, pid_t parent, int argc, char **argv)
        int                      i, idx;
        size_t                   len, width = 0;
 
-       if (pledge("stdio getpw proc recvfd", NULL) == -1)
+       if (pledge("stdio getpw recvfd id", NULL) == -1)
                err(1, "pledge");
 
        if (geteuid() == 0) {