From 0444232b427cbb47da3092ff0f3dc649dfeb764d Mon Sep 17 00:00:00 2001
From: mestre
Date: Sat, 11 Aug 2018 11:00:34 +0000
Subject: [PATCH] look(1) will access /usr/share/dict/words to look for the string we want, or it may access another file instead if we mention it via argument. In order to know which file to unveil(2) we need to push down pledge(2) a little bit after getopt(3) and now that we know the name of the file we can unveil(2) it only with read permissions.

OK deraadt@
---
 usr.bin/look/look.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/usr.bin/look/look.c b/usr.bin/look/look.c
index a6112639e3f..baf3486d852 100644
--- a/usr.bin/look/look.c
+++ b/usr.bin/look/look.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: look.c,v 1.21 2017/01/21 10:03:27 krw Exp $ */
+/* $OpenBSD: look.c,v 1.22 2018/08/11 11:00:34 mestre Exp $ */
 /* $NetBSD: look.c,v 1.7 1995/08/31 22:41:02 jtc Exp $ */
 /*-
@@ -77,9 +77,6 @@ main(int argc, char *argv[])
 int ch, fd, termchar;
 char *back, *file, *front, *string, *p;
- if (pledge("stdio rpath", NULL) == -1)
- err(1, "pledge");
-
 file = _PATH_WORDS;
 termchar = '\0';
 while ((ch = getopt(argc, argv, "dft:")) != -1)
@@ -113,6 +110,11 @@ main(int argc, char *argv[])
 usage();
 }
+ if (unveil(file, "r") == -1)
+ err(2, "unveil");
+ if (pledge("stdio rpath", NULL) == -1)
+ err(2, "pledge");
+
 if (termchar != '\0' && (p = strchr(string, termchar)) != NULL)
 *++p = '\0';
-- 
2.20.1
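Review bot: The added `err(2, "unveil")` in the last hunk (-113,6 +110,11) does not name the path, so when a user-supplied file argument cannot be unveiled the diagnostic does not say which file was rejected; `err(2, "unveil %s", file);` would fix that. The following `pledge("stdio rpath", NULL)` omits the "unveil" promise, which also locks out further unveil(2) calls, and that is worth a short comment such as `/* no "unveil" promise: the view stays limited to file */`. Option parsing now runs before any pledge is in force, a trade-off the code could state in a comment next to the moved call. The open of `file` lies outside the hunk; if nothing after it needs path access, a second `pledge("stdio", NULL)` placed after it would drop rpath as well. main's body starts and ends outside the hunk.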