add unveil(2) to ctfconv(1)

Once we know what the input file is, usually /bsd.gdb, we can unveil it in read
mode. If we also define as argument an output file we can additionally unveil
that one with write/create permissions.

We don't need to care about calling unveil(NULL, NULL) since we can call
pledge(2) and reduce the permissions down the road depending on the code path.

"reads OK" jasper@, "put it in if works" mpi@
prodded by deraadt@

diff --git a/usr.bin/ctfconv/ctfconv.c b/usr.bin/ctfconv/ctfconv.c
index a7f6509..8337cd8 100644 (file)
--- a/usr.bin/ctfconv/ctfconv.c
+++ b/usr.bin/ctfconv/ctfconv.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ctfconv.c,v 1.16 2017/11/06 14:59:27 mpi Exp $ */
+/*     $OpenBSD: ctfconv.c,v 1.17 2018/08/08 20:15:17 mestre Exp $ */
 
 /*
  * Copyright (c) 2016-2017 Martin Pieuchot
@@ -92,9 +92,6 @@ main(int argc, char *argv[])
 
        setlocale(LC_ALL, "");
 
-       if (pledge("stdio rpath wpath cpath", NULL) == -1)
-               err(1, "pledge");
-
        while ((ch = getopt(argc, argv, "dl:o:")) != -1) {
                switch (ch) {
                case 'd':
@@ -127,6 +124,18 @@ main(int argc, char *argv[])
                usage();
 
        filename = *argv;
+
+       if (unveil(filename, "r") == -1)
+               err(1, "unveil");
+
+       if (outfile != NULL) {
+               if (unveil(outfile, "wc") == -1)
+                       err(1, "unveil");
+       }
+
+       if (pledge("stdio rpath wpath cpath", NULL) == -1)
+               err(1, "pledge");
+
        error = convert(filename);
        if (error != 0)
                return error;