Re: patch unveil fail
On Wed, Oct 25, 2023 at 07:00:28PM +0200, Omar Polo wrote: > On 2023/10/25 13:38:37 +0200, Alexander Bluhm wrote: > > @@ -213,11 +214,27 @@ main(int argc, char *argv[]) > > perror("unveil"); > > my_exit(2); > > } > > - if (filearg[0] != NULL) > > + if (filearg[0] != NULL) { > > + char *origdir; > > + > > if (unveil(filearg[0], "rwc") == -1) { > > perror("unveil"); > > my_exit(2); > > } > > + if ((origdir = dirname(filearg[0])) == NULL) { > > Not sure if we're interested in it, but dirname(3) theoretically alter > the passed string. our dirname doesn't do it, but per posix it can, > IIUC. This could cause issues since filearg[0] is used later. > > If we care about portability here, we should pass a copy to dirname. > don't know if we care thought. unveil(2) is not portable code anyway. And dirname(3) is only used for that. > > + perror("dirname"); > > + my_exit(2); > > + } > > + if (unveil(origdir, "rwc") == -1) { > > + perror("unveil"); > > + my_exit(2); > > + } > > + } else { > > + if (unveil(".", "rwc") == -1) { > > + perror("unveil"); > > + my_exit(2); > > + } > > + } > > if (filearg[1] != NULL) > > if (unveil(filearg[1], "r") == -1) { > > perror("unveil");
Re: patch unveil fail
On 2023/10/25 13:38:37 +0200, Alexander Bluhm wrote: > Index: patch.c > === > RCS file: /data/mirror/openbsd/cvs/src/usr.bin/patch/patch.c,v > diff -u -p -r1.74 patch.c > --- patch.c 19 Jul 2023 13:26:20 - 1.74 > +++ patch.c 24 Oct 2023 17:13:28 - > @@ -32,6 +32,7 @@ > > #include > #include > +#include > #include > #include > #include > @@ -213,11 +214,27 @@ main(int argc, char *argv[]) > perror("unveil"); > my_exit(2); > } > - if (filearg[0] != NULL) > + if (filearg[0] != NULL) { > + char *origdir; > + > if (unveil(filearg[0], "rwc") == -1) { > perror("unveil"); > my_exit(2); > } > + if ((origdir = dirname(filearg[0])) == NULL) { Not sure if we're interested in it, but dirname(3) theoretically alter the passed string. our dirname doesn't do it, but per posix it can, IIUC. This could cause issues since filearg[0] is used later. If we care about portability here, we should pass a copy to dirname. don't know if we care thought. > + perror("dirname"); > + my_exit(2); > + } > + if (unveil(origdir, "rwc") == -1) { > + perror("unveil"); > + my_exit(2); > + } > + } else { > + if (unveil(".", "rwc") == -1) { > + perror("unveil"); > + my_exit(2); > + } > + } > if (filearg[1] != NULL) > if (unveil(filearg[1], "r") == -1) { > perror("unveil");
Re: patch unveil fail
On Wed, 25 Oct 2023 13:38:37 +0200, Alexander Bluhm wrote: > Since 7.4 patch(1) does not work if an explicit patchfile is given on > command line. > > https://marc.info/?l=openbsd-cvs&m=168941770509379&w=2 OK millert@ - todd
Re: patch unveil fail
reads correct, OK florian On 2023-10-25 13:38 +02, Alexander Bluhm wrote: > Hi, > > Since 7.4 patch(1) does not work if an explicit patchfile is given on > command line. > > https://marc.info/?l=openbsd-cvs&m=168941770509379&w=2 > > root@ot14:.../~# patch /usr/src/usr.bin/patch/patch.c patch-unveil.diff > Hmm... Looks like a unified diff to me... > The text leading up to this was: > -- > |Index: patch.c > |=== > |RCS file: /data/mirror/openbsd/cvs/src/usr.bin/patch/patch.c,v > |diff -u -p -r1.74 patch.c > |--- patch.c19 Jul 2023 13:26:20 - 1.74 > |+++ patch.c24 Oct 2023 17:13:28 - > -- > Patching file /usr/src/usr.bin/patch/patch.c using Plan A... > Hunk #1 succeeded at 32. > Hunk #2 succeeded at 214. > Hunk #3 succeeded at 245. > Can't backup /usr/src/usr.bin/patch/patch.c, output is in > /tmp/patchoorjYymLKcM: No such file or directory > done > > A backup file should be created in the directory of the original > file, but only the current directory is unveiled. Then the patched > file is created in /tmp and does not replace the original patchfile > in place. > > Diff below fixes it. > > ok? > > bluhm > > Index: patch.c > === > RCS file: /data/mirror/openbsd/cvs/src/usr.bin/patch/patch.c,v > diff -u -p -r1.74 patch.c > --- patch.c 19 Jul 2023 13:26:20 - 1.74 > +++ patch.c 24 Oct 2023 17:13:28 - > @@ -32,6 +32,7 @@ > > #include > #include > +#include > #include > #include > #include 
> @@ -213,11 +214,27 @@ main(int argc, char *argv[]) > perror("unveil"); > my_exit(2); > } > - if (filearg[0] != NULL) > + if (filearg[0] != NULL) { > + char *origdir; > + > if (unveil(filearg[0], "rwc") == -1) { > perror("unveil"); > my_exit(2); > } > + if ((origdir = dirname(filearg[0])) == NULL) { > + perror("dirname"); > + my_exit(2); > + } > + if (unveil(origdir, "rwc") == -1) { > + perror("unveil"); > + my_exit(2); > + } > + } else { > + if (unveil(".", "rwc") == -1) { > + perror("unveil"); > + my_exit(2); > + } > + } > if (filearg[1] != NULL) > if (unveil(filearg[1], "r") == -1) { > perror("unveil"); > @@ -228,10 +245,6 @@ main(int argc, char *argv[]) > perror("unveil"); > my_exit(2); > } > - if (unveil(".", "rwc") == -1) { > - perror("unveil"); > - my_exit(2); > - } > if (*rejname != '\0') > if (unveil(rejname, "rwc") == -1) { > perror("unveil"); > -- In my defence, I have been left unsupervised.
patch unveil fail
Hi, Since 7.4 patch(1) does not work if an explicit patchfile is given on command line. https://marc.info/?l=openbsd-cvs&m=168941770509379&w=2 root@ot14:.../~# patch /usr/src/usr.bin/patch/patch.c patch-unveil.diff Hmm... Looks like a unified diff to me... The text leading up to this was: -- |Index: patch.c |=== |RCS file: /data/mirror/openbsd/cvs/src/usr.bin/patch/patch.c,v |diff -u -p -r1.74 patch.c |--- patch.c19 Jul 2023 13:26:20 - 1.74 |+++ patch.c24 Oct 2023 17:13:28 - -- Patching file /usr/src/usr.bin/patch/patch.c using Plan A... Hunk #1 succeeded at 32. Hunk #2 succeeded at 214. Hunk #3 succeeded at 245. Can't backup /usr/src/usr.bin/patch/patch.c, output is in /tmp/patchoorjYymLKcM: No such file or directory done A backup file should be created in the directory of the original file, but only the current directory is unveiled. Then the patched file is created in /tmp and does not replace the original patchfile in place. Diff below fixes it. ok? bluhm Index: patch.c === RCS file: /data/mirror/openbsd/cvs/src/usr.bin/patch/patch.c,v diff -u -p -r1.74 patch.c --- patch.c 19 Jul 2023 13:26:20 - 1.74 +++ patch.c 24 Oct 2023 17:13:28 - @@ -32,6 +32,7 @@ #include #include +#include #include #include #include @@ -213,11 +214,27 @@ main(int argc, char *argv[]) perror("unveil"); my_exit(2); } - if (filearg[0] != NULL) + if (filearg[0] != NULL) { + char *origdir; + if (unveil(filearg[0], "rwc") == -1) { perror("unveil"); my_exit(2); } + if ((origdir = dirname(filearg[0])) == NULL) { + perror("dirname"); + my_exit(2); + } + if (unveil(origdir, "rwc") == -1) { + perror("unveil"); + my_exit(2); + } + } else { + if (unveil(".", "rwc") == -1) { + perror("unveil"); + my_exit(2); + } + } if (filearg[1] != NULL) if (unveil(filearg[1], "r") == -1) { perror("unveil"); 
@@ -228,10 +245,6 @@ main(int argc, char *argv[]) perror("unveil"); my_exit(2); } - if (unveil(".", "rwc") == -1) { - perror("unveil"); - my_exit(2); - } if (*rejname != '\0') if (unveil(rejname, "rwc") == -1) { perror("unveil");
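Review bot: the new `unveil(origdir, "rwc")` in the second hunk (@@ -213,11 +214,27 @@) widens the sandbox from one file to the whole directory of filearg[0], and nothing in the code says why. A short comment above the dirname() call stating that the backup file is created next to the original, as the report explains, would keep a later cleanup from dropping the call again. It would also be worth noting there that origdir is consumed immediately by unveil(), since dirname() may hand back storage that a later call overwrites.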
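Review bot: with the unconditional `unveil(".", "rwc")` removed in the third hunk (@@ -228,10 +245,6 @@), the current directory is unveiled only in the else branch added by the previous hunk, that is, only when filearg[0] is NULL. When an explicit file in another directory is given, "." is no longer visible at all, so it is worth confirming that nothing patch writes relative to the current directory relies on it in that case; rejname is covered by the unveil that follows, but only when it is non-empty.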