From 249577a17d67a5dd21a027c2498ffa674a7f38da Mon Sep 17 00:00:00 2001 From: deraadt Date: Wed, 8 Aug 2018 17:52:46 +0000 Subject: [PATCH] An early pledge takes away many risk factors during spool opening/parsing. This is worthwhile keeping, so add "unveil" to defer unveil(2) calls. After various special cases are handled (including files which are anywhere in the filesystem), unveil() to the specific file only. --- usr.bin/from/from.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/usr.bin/from/from.c b/usr.bin/from/from.c index bd2bd695801..9a185af1f3e 100644 --- a/usr.bin/from/from.c +++ b/usr.bin/from/from.c @@ -1,4 +1,4 @@ -/* $OpenBSD: from.c,v 1.25 2017/05/31 19:41:30 millert Exp $ */ +/* $OpenBSD: from.c,v 1.26 2018/08/08 17:52:46 deraadt Exp $ */ /* $NetBSD: from.c,v 1.6 1995/09/01 01:39:10 jtc Exp $ */ /* @@ -74,10 +74,16 @@ main(int argc, char *argv[]) } argv += optind; - if (pledge("stdio rpath getpw", NULL) == -1) + if (pledge("stdio unveil rpath getpw", NULL) == -1) err(1, "pledge"); file = mail_spool(file, *argv); + + if (unveil(file, "r") == -1) + err(1, "unveil"); + if (pledge("stdio rpath getpw", NULL) == -1) + err(1, "pledge"); + if ((fp = fopen(file, "r")) == NULL) { if (!fflag && errno == ENOENT) exit(EXIT_SUCCESS); -- 2.20.1