From 8ce597b39125ff469e691e0be0f4dc60cf5e80dd Mon Sep 17 00:00:00 2001 From: doug Date: Sat, 10 Oct 2015 20:04:28 +0000 Subject: [PATCH] Add pledge support in awk and make awk -safe actually safe. awk -safe was introduced back in 1997 to stop awk from doing file output, execute commands or access the environment. The lexer rejected programs when it saw awk commands that would write, exec or env. Beyond that, it wasn't safe from write/exec/env during program execution. With pledge "stdio rpath", the kernel is now enforcing the awk -safe mode restrictions at runtime (other than env). Based on a diff by deraadt@ ok deraadt@ beck@ --- usr.bin/awk/main.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/usr.bin/awk/main.c b/usr.bin/awk/main.c index 75f62f80d76..6252251001f 100644 --- a/usr.bin/awk/main.c +++ b/usr.bin/awk/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.17 2011/09/28 19:27:18 millert Exp $ */ +/* $OpenBSD: main.c,v 1.18 2015/10/10 20:04:28 doug Exp $ */ /**************************************************************** Copyright (C) Lucent Technologies 1997 All Rights Reserved @@ -32,6 +32,7 @@ const char *version = "version 20110810"; #include #include #include +#include #include "awk.h" #include "ytab.h" @@ -60,6 +61,12 @@ int main(int argc, char *argv[]) { const char *fs = NULL; + if (pledge("stdio rpath wpath cpath proc exec", NULL) == -1) { + fprintf(stderr, "%s: pledge: incorrect arguments\n", + cmdname); + exit(1); + } + setlocale(LC_ALL, ""); setlocale(LC_NUMERIC, "C"); /* for parsing cmdline & prog */ cmdname = __progname; @@ -147,6 +154,15 @@ int main(int argc, char *argv[]) argc--; argv++; } + + if (safe) { + if (pledge("stdio rpath", NULL) == -1) { + fprintf(stderr, "%s: pledge: incorrect arguments\n", + cmdname); + exit(1); + } + } + /* argv[1] is now the first argument */ if (npfile == 0) { /* no -f; first argument is program */ if (argc <= 1) { -- 2.20.1