From b9f129211620eb89b4a66305c6bd4241d9ac028d Mon Sep 17 00:00:00 2001
From: mestre
Date: Fri, 24 Aug 2018 11:14:49 +0000
Subject: [PATCH] Remove a few too early pledge(2)s on games/ and apply them a little bit later but with much reduced permissions ("stdio tty" if ncurses based and "stdio" for the ones that only perform basic operations). There's still a few games that we cannot yet remove their fs access, through pledge(2), since they open files on demand and too late, this might get revisited in the future. OK tb@
---
 games/bs/bs.c | 6 +++++-
 games/canfield/canfield/canfield.c | 8 ++++----
 games/hack/makedefs.c | 9 +++++----
 games/quiz/quiz.c | 6 +++++-
 games/snake/snake.c | 9 +++++----
 games/worm/worm.c | 9 +++++----
 6 files changed, 29 insertions(+), 18 deletions(-)
diff --git a/games/bs/bs.c b/games/bs/bs.c
index 68bcdc3a452..188933f5aa8 100644
--- a/games/bs/bs.c
+++ b/games/bs/bs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bs.c,v 1.40 2018/08/05 13:32:25 schwarze Exp $ */
+/* $OpenBSD: bs.c,v 1.41 2018/08/24 11:14:49 mestre Exp $ */
 /*
 * Copyright (c) 1986, Bruce Holloway
 * All rights reserved.
@@ -1341,6 +1341,10 @@ main(int argc, char *argv[])
 do_options(argc, argv);
 intro();
+
+ if (pledge("stdio tty", NULL) == -1)
+ err(1, "pledge");
+
 do {
 initgame();
 while(awinna() == -1)
diff --git a/games/canfield/canfield/canfield.c b/games/canfield/canfield/canfield.c
index 5af1631bf76..df81b14f517 100644
--- a/games/canfield/canfield/canfield.c
+++ b/games/canfield/canfield/canfield.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: canfield.c,v 1.27 2016/09/11 14:21:17 tb Exp $ */
+/* $OpenBSD: canfield.c,v 1.28 2018/08/24 11:14:49 mestre Exp $ */
 /* $NetBSD: canfield.c,v 1.7 1995/05/13 07:28:35 jtc Exp $ */
 /*
@@ -1732,9 +1732,6 @@ askquit(int dummy)
 int
 main(int argc, char *argv[])
 {
- if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
- err(1, "pledge");
-
 signal(SIGINT, askquit);
 signal(SIGHUP, cleanup);
 signal(SIGTERM, cleanup);
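Review bot: The new `pledge("stdio tty", NULL)` in main() of games/bs/bs.c carries no comment saying why it sits after `intro()` rather than at the top, or what has to be set up before it. From that line on the process keeps only the stdio and tty promises, so a later change that opens a file below it would become a pledge violation at run time. I would add a comment above the call such as `/* all setup that needs the filesystem is done; only stdio and tty from here on */`, after checking it against what do_options() and intro() actually do, which the hunk does not show. main() starts and ends outside the hunk.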
@@ -1743,6 +1740,9 @@ main(int argc, char *argv[])
 noecho();
 initall();
+ if (pledge("stdio tty", NULL) == -1)
+ err(1, "pledge");
+
 instruct();
 makeboard();
 for (;;) {
diff --git a/games/hack/makedefs.c b/games/hack/makedefs.c
index bd7c1e72521..5a30abe73c9 100644
--- a/games/hack/makedefs.c
+++ b/games/hack/makedefs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: makedefs.c,v 1.10 2016/01/09 18:33:15 mestre Exp $ */
+/* $OpenBSD: makedefs.c,v 1.11 2018/08/24 11:14:49 mestre Exp $ */
 /*
 * Copyright (c) 1985, Stichting Centrum voor Wiskunde en Informatica,
@@ -89,9 +89,6 @@ main(int argc, char **argv)
 int propct = 0;
 char *sp;
- if (pledge("stdio rpath", NULL) == -1)
- err(1, "pledge");
-
 if (argc != 2) {
 (void)fprintf(stderr, "usage: makedefs file\n");
 return 1;
@@ -100,6 +97,10 @@ main(int argc, char **argv)
 perror(argv[1]);
 return 1;
 }
+
+ if (pledge("stdio", NULL) == -1)
+ err(1, "pledge");
+
 skipuntil("objects[] = {");
 while(getentry()) {
 if(!*string){
diff --git a/games/quiz/quiz.c b/games/quiz/quiz.c
index c1b33ca9328..073c1700719 100644
--- a/games/quiz/quiz.c
+++ b/games/quiz/quiz.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: quiz.c,v 1.29 2016/03/07 12:07:56 mestre Exp $ */
+/* $OpenBSD: quiz.c,v 1.30 2018/08/24 11:14:49 mestre Exp $ */
 /* $NetBSD: quiz.c,v 1.9 1995/04/22 10:16:58 cgd Exp $ */
 /*-
@@ -93,6 +93,10 @@ main(int argc, char *argv[])
 err(1, "pledge");
 get_file(indexfile);
 get_cats(argv[0], argv[1]);
+
+ if (pledge("stdio", NULL) == -1)
+ err(1, "pledge");
+
 quiz();
 break;
 default:
diff --git a/games/snake/snake.c b/games/snake/snake.c
index 780c5816fff..a0c8aac71c9 100644
--- a/games/snake/snake.c
+++ b/games/snake/snake.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: snake.c,v 1.28 2016/09/11 14:21:18 tb Exp $ */
+/* $OpenBSD: snake.c,v 1.29 2018/08/24 11:14:49 mestre Exp $ */
 /* $NetBSD: snake.c,v 1.8 1995/04/29 00:06:41 mycroft Exp $ */
 /*
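Review bot: In games/canfield/canfield/canfield.c the added `err(1, "pledge")` runs after `noecho()`, so curses is already active and a failing pledge(2) exits with the terminal still in curses mode and echo off. The same holds for the added calls placed right after `initscr()` in games/snake/snake.c and games/worm/worm.c, and possibly for games/bs/bs.c if intro() is what starts curses. Restoring the terminal before exiting avoids that, for example `if (pledge("stdio tty", NULL) == -1) { int e = errno; endwin(); errc(1, e, "pledge"); }`, assuming errno.h is already included. main() continues outside the hunk.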
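Review bot: With the early `pledge("stdio rpath", NULL)` removed, the argument check and what looks like the open of argv[1] (the `perror(argv[1])` path) in main() of games/hack/makedefs.c run with no pledge at all until the new `pledge("stdio", NULL)`. pledge(2) may be called again with a smaller promise set, and the quiz.c hunk in this same patch appears to do exactly that (its context shows an `err(1, "pledge");` before `get_file(indexfile)`), so the old call could stay at the top and this one narrow it. The same unpledged start-up window is introduced in canfield.c, snake.c and worm.c, where signal handler setup, `readscores(1)` and `initscr()` now run before any pledge. If start-up needs promises that are awkward to enumerate, a short comment saying so would record the reason.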
@@ -140,9 +140,6 @@ main(int argc, char *argv[])
 struct sigaction sa;
 int ch, i;
- if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
- err(1, "pledge");
-
 #ifdef LOGGING
 const char *home;
@@ -182,6 +179,10 @@ main(int argc, char *argv[])
 readscores(1);
 penalty = loot = 0;
 initscr();
+
+ if (pledge("stdio tty", NULL) == -1)
+ err(1, "pledge");
+
 #ifdef KEY_LEFT
 keypad(stdscr, TRUE);
 #endif
diff --git a/games/worm/worm.c b/games/worm/worm.c
index 31392105d20..f8a86cf8af3 100644
--- a/games/worm/worm.c
+++ b/games/worm/worm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: worm.c,v 1.38 2016/01/07 16:00:33 tb Exp $ */
+/* $OpenBSD: worm.c,v 1.39 2018/08/24 11:14:49 mestre Exp $ */
 /*
 * Copyright (c) 1980, 1993
@@ -89,9 +89,6 @@ main(int argc, char **argv)
 const char *errstr;
 struct timespec t, tn, tdiff;
- if (pledge("stdio rpath tty", NULL) == -1)
- err(1, "pledge");
-
 timespecclear(&t);
 setvbuf(stdout, outbuf, _IOFBF, sizeof outbuf);
@@ -99,6 +96,10 @@ main(int argc, char **argv)
 signal(SIGQUIT, leave);
 signal(SIGTSTP, suspend); /* process control signal */
 initscr();
+
+ if (pledge("stdio tty", NULL) == -1)
+ err(1, "pledge");
+
 cbreak();
 noecho();
 keypad(stdscr, TRUE);
--
2.20.1
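Review bot: After the new `pledge("stdio tty", NULL)` in main() of games/snake/snake.c the process no longer holds `rpath`, `wpath` or `cpath`, which the removed call granted, so any later score update (and any log file under `#ifdef LOGGING`) can only work through descriptors opened before this line. Whether `readscores(1)` leaves such a descriptor open is not visible in the hunk. A comment above the call, e.g. `/* score file is already open; no path access below this point */`, would record that dependency for whoever next touches the score or logging code. main() continues outside the hunk.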