From: doug Date: Sat, 10 Oct 2015 20:04:28 +0000 (+0000) Subject: Add pledge support in awk and make awk -safe actually safe. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=8ce597b39125ff469e691e0be0f4dc60cf5e80dd;p=openbsd Add pledge support in awk and make awk -safe actually safe. awk -safe was introduced back in 1997 to stop awk from doing file output, execute commands or access the environment. The lexer rejected programs when it saw awk commands that would write, exec or env. Beyond that, it wasn't safe from write/exec/env during program execution. With pledge "stdio rpath", the kernel is now enforcing the awk -safe mode restrictions at runtime (other than env). Based on a diff by deraadt@ ok deraadt@ beck@ --- diff --git a/usr.bin/awk/main.c b/usr.bin/awk/main.c index 75f62f80d76..6252251001f 100644 --- a/usr.bin/awk/main.c +++ b/usr.bin/awk/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.17 2011/09/28 19:27:18 millert Exp $ */ +/* $OpenBSD: main.c,v 1.18 2015/10/10 20:04:28 doug Exp $ */ /**************************************************************** Copyright (C) Lucent Technologies 1997 All Rights Reserved @@ -32,6 +32,7 @@ const char *version = "version 20110810"; #include #include #include +#include #include "awk.h" #include "ytab.h" @@ -60,6 +61,12 @@ int main(int argc, char *argv[]) { const char *fs = NULL; + if (pledge("stdio rpath wpath cpath proc exec", NULL) == -1) { + fprintf(stderr, "%s: pledge: incorrect arguments\n", + cmdname); + exit(1); + } + setlocale(LC_ALL, ""); setlocale(LC_NUMERIC, "C"); /* for parsing cmdline & prog */ cmdname = __progname; @@ -147,6 +154,15 @@ int main(int argc, char *argv[]) argc--; argv++; } + + if (safe) { + if (pledge("stdio rpath", NULL) == -1) { + fprintf(stderr, "%s: pledge: incorrect arguments\n", + cmdname); + exit(1); + } + } + /* argv[1] is now the first argument */ if (npfile == 0) { /* no -f; first argument is program */ if (argc <= 1) {