tame "stdio". I doubt there is a bug in the environment parsing code.

But if there is, and this program is taken control of, it is quite limited
in the system calls it can do.

diff --git a/usr.bin/printenv/printenv.c b/usr.bin/printenv/printenv.c
index d63ce07..a0be932 100644 (file)
--- a/usr.bin/printenv/printenv.c
+++ b/usr.bin/printenv/printenv.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: printenv.c,v 1.6 2009/10/27 23:59:41 deraadt Exp $    */
+/*     $OpenBSD: printenv.c,v 1.7 2015/10/07 06:35:19 deraadt Exp $    */
 
 /*
  * Copyright (c) 1987 Regents of the University of California.
@@ -32,6 +32,8 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
+#include <unistd.h>
+#include <err.h>
 
 /*
  * printenv
@@ -46,6 +48,9 @@ main(int argc, char *argv[])
        char *cp, **ep;
        int len;
 
+       if (tame("stdio", NULL) == -1)
+               err(1, "tame");
+
        if (argc < 2) {
                for (ep = environ; *ep; ep++)
                        puts(*ep);