From: deraadt
Date: Fri, 3 Aug 2018 06:57:34 +0000 (+0000)
Subject: pledge() a little later, after getopt operation, when we know tty name.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=8d69996f0cfd994d25340538cec24a67d15856f7;p=openbsd
pledge() a little later, after getopt operation, when we know tty name. We can then unveil the tty file, and pledge() as before. No other files are accessed after that point in time.
---
diff --git a/usr.bin/mesg/mesg.c b/usr.bin/mesg/mesg.c
index e7e960094e9..a2dc944ed5c 100644
--- a/usr.bin/mesg/mesg.c
+++ b/usr.bin/mesg/mesg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mesg.c,v 1.12 2016/07/07 09:26:26 semarie Exp $ */
+/* $OpenBSD: mesg.c,v 1.13 2018/08/03 06:57:34 deraadt Exp $ */
 /* $NetBSD: mesg.c,v 1.4 1994/12/23 07:16:32 jtc Exp $ */
 /*
@@ -52,9 +52,6 @@ main(int argc, char *argv[])
 char *tty;
 int ch;
- if (pledge("stdio rpath fattr", NULL) == -1)
- err(2, "pledge");
-
 while ((ch = getopt(argc, argv, "")) != -1)
 switch (ch) {
 case '?':
@@ -66,6 +63,12 @@ main(int argc, char *argv[])
 if ((tty = ttyname(STDERR_FILENO)) == NULL)
 err(2, "ttyname");
+
+ if (unveil(tty, "rw") == -1)
+ err(1, "unveil");
+ if (pledge("stdio rpath fattr", NULL) == -1)
+ err(1, "unveil");
+
 if (stat(tty, &sb) < 0)
 err(2, "%s", tty);
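Review bot: In the third hunk the pledge() failure path calls `err(1, "unveil")`, so a failed pledge is reported as an unveil failure; the removed code used `err(2, "pledge")`, and the label should stay "pledge" so the diagnostic names the call that failed. Both added calls also exit with status 1, while the neighbouring ttyname() and stat() errors in the same hunk use 2. As far as I know, mesg reports the current setting through its exit status (0 allowed, 1 not allowed, above 1 for errors), so a sandbox setup failure would look like "messages not allowed" to a script that checks it. I would write `err(2, "unveil");` and `err(2, "pledge");`. The body of main continues outside the hunk, so the later uses of tty are not visible here.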