From: deraadt <deraadt@openbsd.org>
Date: Wed, 8 Aug 2018 17:52:46 +0000 (+0000)
Subject: An early pledge takes away many risk factors during spool opening/parsing.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=249577a17d67a5dd21a027c2498ffa674a7f38da;p=openbsd

An early pledge takes away many risk factors during spool opening/parsing.
This is worthwhile keeping, so add "unveil" to defer unveil(2) calls.
After various special cases are handled (including files which are anywhere
in the filesystem), unveil() to the specific file only.
---

diff --git a/usr.bin/from/from.c b/usr.bin/from/from.c
index bd2bd695801..9a185af1f3e 100644
--- a/usr.bin/from/from.c
+++ b/usr.bin/from/from.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: from.c,v 1.25 2017/05/31 19:41:30 millert Exp $	*/
+/*	$OpenBSD: from.c,v 1.26 2018/08/08 17:52:46 deraadt Exp $	*/
 /*	$NetBSD: from.c,v 1.6 1995/09/01 01:39:10 jtc Exp $	*/
 
 /*
@@ -74,10 +74,16 @@ main(int argc, char *argv[])
 	}
 	argv += optind;
 
-	if (pledge("stdio rpath getpw", NULL) == -1)
+	if (pledge("stdio unveil rpath getpw", NULL) == -1)
 		err(1, "pledge");
 
 	file = mail_spool(file, *argv);
+
+	if (unveil(file, "r") == -1)
+		err(1, "unveil");
+	if (pledge("stdio rpath getpw", NULL) == -1)
+		err(1, "pledge");
+
 	if ((fp = fopen(file, "r")) == NULL) {
 		if (!fflag && errno == ENOENT)
 			exit(EXIT_SUCCESS);