From: mestre Date: Sat, 11 Aug 2018 11:00:34 +0000 (+0000) Subject: look(1) will access /usr/share/dict/words to look for the string we want, or it X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=0444232b427cbb47da3092ff0f3dc649dfeb764d;p=openbsd look(1) will access /usr/share/dict/words to look for the string we want, or it may access another file instead if we mention it via argument. In order to know which file to unveil(2) we need to push down pledge(2) a little bit after getopt(3) and now that we know the name of the file we can unveil(2) it only with read permissions. OK deraadt@ --- diff --git a/usr.bin/look/look.c b/usr.bin/look/look.c index a6112639e3f..baf3486d852 100644 --- a/usr.bin/look/look.c +++ b/usr.bin/look/look.c @@ -1,4 +1,4 @@ -/* $OpenBSD: look.c,v 1.21 2017/01/21 10:03:27 krw Exp $ */ +/* $OpenBSD: look.c,v 1.22 2018/08/11 11:00:34 mestre Exp $ */ /* $NetBSD: look.c,v 1.7 1995/08/31 22:41:02 jtc Exp $ */ /*- @@ -77,9 +77,6 @@ main(int argc, char *argv[]) int ch, fd, termchar; char *back, *file, *front, *string, *p; - if (pledge("stdio rpath", NULL) == -1) - err(1, "pledge"); - file = _PATH_WORDS; termchar = '\0'; while ((ch = getopt(argc, argv, "dft:")) != -1) @@ -113,6 +110,11 @@ main(int argc, char *argv[]) usage(); } + if (unveil(file, "r") == -1) + err(2, "unveil"); + if (pledge("stdio rpath", NULL) == -1) + err(2, "pledge"); + if (termchar != '\0' && (p = strchr(string, termchar)) != NULL) *++p = '\0';
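Review bot: In the hunk at @@ -77,9 +77,6 @@, removing the early pledge leaves getopt(3) and the argument handling running with no pledge in force until the new calls further down. pledge(2) has an "unveil" promise, so the early call could stay as pledge("stdio rpath unveil", NULL), and the later pledge("stdio rpath", NULL) would then drop that promise once the file is unveiled. If the unpledged window is considered small enough, a short comment at the new call site explaining why pledge sits after getopt(3) would help the next reader.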
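Review bot: In the hunk at @@ -113,6 +110,11 @@, err(2, "unveil") does not name the path, so a failure on a file passed as an argument reports only "unveil" and the errno text; err(2, "unveil %s", file) would make the failure diagnosable. The pledge failure status also changes from 1 to 2 in this hunk without a mention in the commit message. That fits look(1), where 1 means no lines were found and values above 1 mean an error, so it deserves a line in the log.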