Re: id -R routing domain

2017-05-30 Thread Theo de Raadt
Looks good to me, after kern_pledge.c allows getrtable for "stdio"

Then the sneaky 0 can go away.

Index: kern_pledge.c
===
RCS file: /cvs/src/sys/kern/kern_pledge.c,v
retrieving revision 1.209
diff -u -p -u -r1.209 kern_pledge.c
--- kern_pledge.c   21 May 2017 13:00:53 -  1.209
+++ kern_pledge.c   30 May 2017 14:57:45 -
@@ -129,6 +129,7 @@ const uint64_t pledge_syscalls[SYS_MAXSY
[SYS_getsid] = PLEDGE_STDIO,
[SYS_getthrid] = PLEDGE_STDIO,
[SYS_getrlimit] = PLEDGE_STDIO,
+   [SYS_getrtable] = PLEDGE_STDIO,
[SYS_gettimeofday] = PLEDGE_STDIO,
[SYS_getdtablecount] = PLEDGE_STDIO,
[SYS_getrusage] = PLEDGE_STDIO,
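Review bot: The added `[SYS_getrtable] = PLEDGE_STDIO` entry widens the "stdio" promise for every pledged program, not only id, and the patch carries no matching documentation change. If pledge(2) enumerates the system calls permitted under "stdio", `getrtable(2)` should be added to that list in the same commit. A short comment on the entry, such as `/* read-only: reports the caller's rtable */`, would record why it is safe in the base promise; that reasoning covers only the read side, not `setrtable(2)`. The pledge_syscalls initializer starts and ends outside this hunk.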



id -R routing domain

2017-05-30 Thread Ted Unangst
make it easy to find out which rdomain a shell is in. id -R.

one small problem is that pledge doesn't permit getrtable().

Index: id.1
===
RCS file: /cvs/src/usr.bin/id/id.1,v
retrieving revision 1.18
diff -u -p -r1.18 id.1
--- id.119 May 2015 16:03:19 -  1.18
+++ id.130 May 2017 14:54:27 -
@@ -57,6 +57,8 @@
 .Nm id
 .Fl u Op Fl nr
 .Op Ar user
+.Nm id
+.Fl R
 .Sh DESCRIPTION
 The
 .Nm
@@ -115,6 +117,8 @@ If there is a login class specified for 
 database, it is displayed, preceded by the keyword
 .Dq class .
 Each display is on a separate line.
+.It Fl R
+Display the routing table of the current process.
 .It Fl r
 Display the real ID for the
 .Fl g
@@ -137,7 +141,7 @@ utility is compliant with the
 specification.
 .Pp
 The flags
-.Op Fl cp
+.Op Fl cpR
 are extensions to that specification.
 .Sh HISTORY
 The
Index: id.c
===
RCS file: /cvs/src/usr.bin/id/id.c,v
retrieving revision 1.26
diff -u -p -r1.26 id.c
--- id.c9 Oct 2015 01:37:07 -   1.26
+++ id.c30 May 2017 14:52:52 -
@@ -29,6 +29,9 @@
  * SUCH DAMAGE.
  */
 
+#include 
+#include  /* because getrtable() lives here */
+
 #include 
 #include 
 #include 
@@ -53,15 +56,15 @@ main(int argc, char *argv[])
 {
struct group *gr;
struct passwd *pw;
-   int ch, cflag, Gflag, gflag, nflag, pflag, rflag, uflag;
+   int ch, cflag, Gflag, gflag, nflag, pflag, Rflag, rflag, uflag;
uid_t uid;
gid_t gid;
const char *opts;
 
-   if (pledge("stdio getpw", NULL) == -1)
+   if (0 && pledge("stdio getpw", NULL) == -1)
err(1, "pledge");
 
-   cflag = Gflag = gflag = nflag = pflag = rflag = uflag = 0;
+   cflag = Gflag = gflag = nflag = pflag = Rflag = rflag = uflag = 0;
 
if (strcmp(getprogname(), "groups") == 0) {
Gflag = 1;
@@ -76,7 +79,7 @@ main(int argc, char *argv[])
if (argc > 1)
usage();
} else
-   opts = "cGgnpru";
+   opts = "cGgnpRru";
 
while ((ch = getopt(argc, argv, opts)) != -1)
switch(ch) {
@@ -95,6 +98,9 @@ main(int argc, char *argv[])
case 'p':
pflag = 1;
break;
+   case 'R':
+   Rflag = 1;
+   break;
case 'r':
rflag = 1;
break;
@@ -108,7 +114,7 @@ main(int argc, char *argv[])
argc -= optind;
argv += optind;
 
-   switch (cflag + Gflag + gflag + pflag + uflag) {
+   switch (cflag + Gflag + gflag + pflag + Rflag + uflag) {
case 1:
break;
case 0:
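Review bot: Counting `Rflag` in this sum makes -R exclusive with the other display options, but `case 1` still lets -n, -r and a user operand through. The -R branch added in the last hunk then prints `getrtable()` and exits without looking at them. The manual synopsis in this patch shows `id -R` with no other flags or operand, yet `id -R someuser` reports the caller's own routing table as though it had answered for that user. A check at the top of that branch, `if (nflag || rflag || argc > 0) usage();`, would reject those forms. usage() is not in any visible hunk, so if it prints the synopsis lines it needs `id -R` too; the switch itself continues past the end of this hunk.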
@@ -121,6 +127,11 @@ main(int argc, char *argv[])
 
if (strcmp(opts, "") != 0 && argc > 1)
usage();
+
+   if (Rflag) {
+   printf("%d\n", getrtable());
+   exit(0);
+   }
 
pw = *argv ? who(*argv) : NULL;