- Use stdio instead of rw because of mprotect(2) in atexit.
- Pass the path to the file that can be opened.
- Switch to return instead of exit(3) in the nearby code.

I suspect that the paths argument is unused or not yet ready, but I
include it here regardless, merely so that I can ask about it.

There is one line of code between the initial tame(2) and the
re-tame(2) -- this program has a tiny initialization, essentially. It
reads oddly but again: included so that I can ask about it.


Index: nologin.c
===================================================================
RCS file: /cvs/src/sbin/nologin/nologin.c,v
retrieving revision 1.5
diff -u -p -r1.5 nologin.c
--- nologin.c   10 Jul 2003 00:00:58 -0000      1.5
+++ nologin.c   3 Oct 2015 23:26:44 -0000
@@ -43,16 +43,24 @@ int main(int argc, char *argv[])
        int nfd;
        ssize_t nrd;
        char nbuf[BUFSIZ];
+       const char      *paths[] = { _PATH_NOLOGIN_TXT };
+
+       if (tame("stdio rpath", paths) == -1)
+               perror("tame");
 
        nfd = open(_PATH_NOLOGIN_TXT, O_RDONLY);
+
+       if (tame("stdio", NULL) == -1)
+               perror("tame");
+
        if (nfd < 0) {
                write(STDOUT_FILENO, DEFAULT_MESG, strlen(DEFAULT_MESG));
-               exit (1);
+               return 1;
        }
 
        while ((nrd = read(nfd, nbuf, sizeof(nbuf))) != -1 && nrd != 0)
                write(STDOUT_FILENO, nbuf, nrd);
        close (nfd);
 
-       exit (1);
+       return 1;
 }
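Review bot: Both added tame(2) calls fail open: when tame() returns -1 the code only calls `perror("tame")` and carries on, so the program would still open and copy the file without the restriction this patch is meant to impose. Bailing out on failure is the safer default, e.g. `if (tame("stdio", NULL) == -1) { perror("tame"); return 1; }`, and likewise for the first call. The `paths` array also has no terminating NULL element; if tame(2) walks the array until it reaches NULL (not visible from this hunk, and the description itself questions the argument), the initializer should be `{ _PATH_NOLOGIN_TXT, NULL }`. main's opening lines sit above the hunk.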
