From: cheloha <cheloha@openbsd.org>
Date: Thu, 10 Feb 2022 14:55:43 +0000 (+0000)
Subject: look(1): use a stricter pledge(2) in lieu of unveil(2)
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=73296f59f8dcb6877025eed6cfa4ab88e4e7f449;p=openbsd

look(1): use a stricter pledge(2) in lieu of unveil(2)

We're only reading one file here, so unveil(2) is overkill.  We can
achieve the same effect with just pledge(2):

- Start with an initial pledge(2) of "stdio rpath" at the top of main().
  We know we need to read a file at this point but don't yet know which
  one.

- Drop the pledge(2) down to "stdio" after we open(2) and fstat(2) the
  chosen file.

- Dropping "rpath" obviates unveil(2).

Thread: https://marc.info/?l=openbsd-tech&m=164437072017248&w=2

ok millert@
---

diff --git a/usr.bin/look/look.c b/usr.bin/look/look.c
index d78a3fd4d0e..0d64b7a3ecb 100644
--- a/usr.bin/look/look.c
+++ b/usr.bin/look/look.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: look.c,v 1.25 2021/10/24 21:24:16 deraadt Exp $	*/
+/*	$OpenBSD: look.c,v 1.26 2022/02/10 14:55:43 cheloha Exp $	*/
 /*	$NetBSD: look.c,v 1.7 1995/08/31 22:41:02 jtc Exp $	*/
 
 /*-
@@ -77,6 +77,9 @@ main(int argc, char *argv[])
 	int ch, fd, termchar;
 	char *back, *file, *front, *string, *p;
 
+	if (pledge("stdio rpath", NULL) == -1)
+		err(2, "pledge");
+
 	file = _PATH_WORDS;
 	termchar = '\0';
 	while ((ch = getopt(argc, argv, "dft:")) != -1)
@@ -110,11 +113,6 @@ main(int argc, char *argv[])
 		usage();
 	}
 
-	if (unveil(file, "r") == -1)
-		err(2, "unveil %s", file);
-	if (pledge("stdio rpath", NULL) == -1)
-		err(2, "pledge");
-
 	if (termchar != '\0' && (p = strchr(string, termchar)) != NULL)
 		*++p = '\0';
 
@@ -122,6 +120,10 @@ main(int argc, char *argv[])
 		err(2, "%s", file);
 	if (sb.st_size > SIZE_MAX)
 		errc(2, EFBIG, "%s", file);
+
+	if (pledge("stdio", NULL) == -1)
+		err(2, "pledge");
+
 	if ((front = mmap(NULL,
 	    (size_t)sb.st_size, PROT_READ, MAP_PRIVATE, fd, (off_t)0)) == MAP_FAILED)
 		err(2, "%s", file);