From: claudio
Date: Mon, 22 Mar 2021 11:49:15 +0000 (+0000)
Subject: Remove unveil() from the rsync_sender() and flist_gen(). The sender is
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=320af302062917f617494d13163b8ea116e21a7b;p=openbsd
Remove unveil() from the rsync_sender() and flist_gen(). The sender is not able to properly unveil itself because you can request many files as arguments. At the same time the sender is read-only and uses rpath pledge() so the gain from unveil() is less of an issue. On the receiver side all files land in one directory and this part still uses unveil() to protect rsync to somehow walk out of the destination directory. From kristaps@
---
diff --git a/usr.bin/rsync/flist.c b/usr.bin/rsync/flist.c
index 88c777be2b4..e12cb813f6f 100644
--- a/usr.bin/rsync/flist.c
+++ b/usr.bin/rsync/flist.c
@@ -1,4 +1,4 @@
-/* $Id: flist.c,v 1.30 2021/03/22 11:26:44 claudio Exp $ */
+/* $Id: flist.c,v 1.31 2021/03/22 11:49:15 claudio Exp $ */
 /*
 * Copyright (c) 2019 Kristaps Dzonsons
 * Copyright (c) 2019 Florian Obser
@@ -834,10 +834,6 @@ flist_gen_dirent(struct sess *sess, char *root, struct flist **fl, size_t *sz,
 ERRX1("flist_append");
 return 0;
 }
- if (unveil(root, "r") == -1) {
- ERR("%s: unveil", root);
- return 0;
- }
 return 1;
 } else if (S_ISLNK(st.st_mode)) {
 if (!sess->opts->preserve_links) {
@@ -854,10 +850,6 @@ flist_gen_dirent(struct sess *sess, char *root, struct flist **fl, size_t *sz,
 ERRX1("flist_append");
 return 0;
 }
- if (unveil(root, "r") == -1) {
- ERR("%s: unveil", root);
- return 0;
- }
 return 1;
 } else if (!S_ISDIR(st.st_mode)) {
 WARNX("%s: skipping special", root);
@@ -994,10 +986,6 @@ flist_gen_dirent(struct sess *sess, char *root, struct flist **fl, size_t *sz,
 ERR("fts_read");
 goto out;
 }
- if (unveil(root, "r") == -1) {
- ERR("%s: unveil", root);
- goto out;
- }
 LOG3("generated %zu filenames: %s", flsz, root);
 rc = 1;
@@ -1091,10 +1079,6 @@ flist_gen_files(struct sess *sess, size_t argc, char **argv,
 /* Add this file to our file-system worldview. */
- if (unveil(argv[i], "r") == -1) {
- ERR("%s: unveil", argv[i]);
- goto out;
- }
 if (!flist_append(f, &st, argv[i])) {
 ERRX1("flist_append");
 goto out;
@@ -1133,10 +1117,6 @@ flist_gen(struct sess *sess, size_t argc, char **argv, struct flist **flp,
 /* After scanning, lock our file-system view. */
- if (unveil(NULL, NULL) == -1) {
- ERR("unveil");
- return 0;
- }
 if (!rc)
 return 0;
diff --git a/usr.bin/rsync/sender.c b/usr.bin/rsync/sender.c
index 524a4f35c89..186dabf94fe 100644
--- a/usr.bin/rsync/sender.c
+++ b/usr.bin/rsync/sender.c
@@ -1,4 +1,4 @@
-/* $Id: sender.c,v 1.26 2020/11/24 16:54:44 claudio Exp $ */
+/* $Id: sender.c,v 1.27 2021/03/22 11:49:15 claudio Exp $ */
 /*
 * Copyright (c) 2019 Kristaps Dzonsons
 *
@@ -350,7 +350,7 @@ send_dl_enqueue(struct sess *sess, struct send_dlq *q,
 * It queues requests for updates as soon as it receives them.
 * Returns zero on failure, non-zero on success.
 *
- * Pledges: stdio, rpath, unveil.
+ * Pledges: stdio, getpw, rpath.
 */
 int
 rsync_sender(struct sess *sess, int fdin,
@@ -370,7 +370,7 @@ rsync_sender(struct sess *sess, int fdin,
 size_t wbufpos = 0, wbufsz = 0, wbufmax = 0;
 ssize_t ssz;
- if (pledge("stdio getpw rpath unveil", NULL) == -1) {
+ if (pledge("stdio getpw rpath", NULL) == -1) {
 ERR("pledge");
 return 0;
 }
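Review bot: The `pledge("stdio getpw rpath", NULL)` call in rsync_sender() carries no comment recording that unveil() is deliberately absent, so a later reader may assume the sender's file-system view is still restricted when read access is now bounded only by rpath and ordinary file permissions. A short comment above the call would record the decision, for example `/* No unveil(): source paths come from arbitrary arguments, so the sender relies on read-only rpath alone. */`. The context comments kept in flist.c, `/* Add this file to our file-system worldview. */` in flist_gen_files() and `/* After scanning, lock our file-system view. */` in flist_gen(), now describe unveil() calls that are gone and should be dropped or reworded. rsync_sender()'s body continues outside this hunk.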