artulab
projects / openbsd / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9490edf)
Add pledge support in awk and make awk -safe actually safe.
authordoug <doug@openbsd.org>
Sat, 10 Oct 2015 20:04:28 +0000 (20:04 +0000)
committerdoug <doug@openbsd.org>
Sat, 10 Oct 2015 20:04:28 +0000 (20:04 +0000)
awk -safe was introduced back in 1997 to stop awk from doing file output,
execute commands or access the environment.  The lexer rejected programs
when it saw awk commands that would write, exec or env.  Beyond that,
it wasn't safe from write/exec/env during program execution.

With pledge "stdio rpath", the kernel is now enforcing the awk -safe
mode restrictions at runtime (other than env).

Based on a diff by deraadt@

ok deraadt@ beck@

usr.bin/awk/main.c patch | blob | history

diff --git a/usr.bin/awk/main.c b/usr.bin/awk/main.c
index 75f62f8..6252251 100644 (file)
--- a/usr.bin/awk/main.c
+++ b/usr.bin/awk/main.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: main.c,v 1.17 2011/09/28 19:27:18 millert Exp $       */
+/*     $OpenBSD: main.c,v 1.18 2015/10/10 20:04:28 doug Exp $  */
 /****************************************************************
 Copyright (C) Lucent Technologies 1997
 All Rights Reserved
@@ -32,6 +32,7 @@ const char    *version = "version 20110810";
 #include <stdlib.h>
 #include <string.h>
 #include <signal.h>
+#include <unistd.h>
 #include "awk.h"
 #include "ytab.h"
 
@@ -60,6 +61,12 @@ int main(int argc, char *argv[])
 {
        const char *fs = NULL;
 
+       if (pledge("stdio rpath wpath cpath proc exec", NULL) == -1) {
+               fprintf(stderr, "%s: pledge: incorrect arguments\n",
+                   cmdname);
+               exit(1);
+       }
+
        setlocale(LC_ALL, "");
        setlocale(LC_NUMERIC, "C"); /* for parsing cmdline & prog */
        cmdname = __progname;
@@ -147,6 +154,15 @@ int main(int argc, char *argv[])
                argc--;
                argv++;
        }
+
+       if (safe) {
+               if (pledge("stdio rpath", NULL) == -1) {
+                       fprintf(stderr, "%s: pledge: incorrect arguments\n",
+                           cmdname);
+                       exit(1);
+               }
+       }
+
        /* argv[1] is now the first argument */
        if (npfile == 0) {      /* no -f; first argument is program */
                if (argc <= 1) {
OpenBSD src
by Ahmet Artu Yildirim