From: deraadt Date: Wed, 7 Oct 2015 06:35:19 +0000 (+0000) Subject: tame "stdio". I doubt there is a bug in the environment parsing code. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=1d9f09f53aa491aa0f019ecbe48298ce92506f71;p=openbsd tame "stdio". I doubt there is a bug in the environment parsing code. But if there is, and this program is taken control of, it is quite limited in the system calls it can do. --- diff --git a/usr.bin/printenv/printenv.c b/usr.bin/printenv/printenv.c index d63ce075602..a0be932b36d 100644 --- a/usr.bin/printenv/printenv.c +++ b/usr.bin/printenv/printenv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: printenv.c,v 1.6 2009/10/27 23:59:41 deraadt Exp $ */ +/* $OpenBSD: printenv.c,v 1.7 2015/10/07 06:35:19 deraadt Exp $ */ /* * Copyright (c) 1987 Regents of the University of California. @@ -32,6 +32,8 @@ #include #include #include +#include +#include /* * printenv @@ -46,6 +48,9 @@ main(int argc, char *argv[]) char *cp, **ep; int len; + if (tame("stdio", NULL) == -1) + err(1, "tame"); + if (argc < 2) { for (ep = environ; *ep; ep++) puts(*ep);
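Review bot: In the include hunk (@@ -32,6 +32,8 @@) the two added #include lines show no header names in this rendering, so it cannot be checked from here that they declare the two functions the main() hunk starts calling, tame() and err(). Confirm that the added headers declare both, so the new call is not compiled against an implicit declaration.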
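Review bot: In the main() hunk (@@ -46,6 +48,9 @@) the tame("stdio", NULL) call carries no comment, and the NULL second argument is unexplained. A one-line comment saying that printenv needs nothing beyond stdio after this point would tell a later editor that adding something like a file open means widening the request string. The placement itself is right: it is the first statement after the declarations, ahead of the argc test and the loop over environ, so all of the environment handling the commit message is concerned with runs under the restriction. The == -1 check with err(1, "tame") also means the program exits rather than carrying on unrestricted if the call fails.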