From 81b6a0224fb31d67c429a7578a28e370d1555ae2 Mon Sep 17 00:00:00 2001
From: mestre
Date: Sat, 23 Oct 2021 16:45:32 +0000
Subject: [PATCH] stty(1) can't be pledged for all modes, but it can be unveiled. the only file to be opened is on stty -f `file', so call unveil(2) afterwards to restrict all fs access. OK deraadt@
---
 bin/stty/stty.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/bin/stty/stty.c b/bin/stty/stty.c
index 904d86996cf..bb09ca97ab2 100644
--- a/bin/stty/stty.c
+++ b/bin/stty/stty.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: stty.c,v 1.21 2019/06/28 13:35:00 deraadt Exp $ */
+/* $OpenBSD: stty.c,v 1.22 2021/10/23 16:45:32 mestre Exp $ */
 /* $NetBSD: stty.c,v 1.11 1995/03/21 09:11:30 cgd Exp $ */
 /*-
@@ -82,6 +82,11 @@ main(int argc, char *argv[])
 args:
 argc -= optind;
 argv += optind;
+ if (unveil("/", "") == -1)
+ err(1, "unveil /");
+ if (unveil(NULL, NULL) == -1)
+ err(1, "unveil");
+
 if (ioctl(i.fd, TIOCGETD, &i.ldisc) == -1)
 err(1, "TIOCGETD");
--
2.20.1
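Review bot: The two unveil(2) calls added after `args:` carry no comment saying why stty is restricted with unveil rather than pledge, or why the restriction sits at this exact point; the commit message explains both, but the source does not. I would add above the first call something like `/* stty can't be pledged for all modes; the only file ever opened is the -f argument, so hide the whole filesystem from here on */`. Without it, a later change that opens a path anywhere below this point will fail at run time with no hint in the code, and moving the block above option parsing would break `-f`. The `-f` open itself is not visible in the hunk (presumably it is in the option loop before `args:`), and main() begins and ends outside it as well.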