On Tue, Mar 15, 2016 at 12:32:16PM -0600, Theo de Raadt wrote:
> I am simply saying that pledge before opendev() makes no sense,
> because opendev() does not gaurantee the type of descriptor it is
> opening.
I noticed that this patch is still uncommitted since nobody ok'd it.
Sorry about that. Freshly generated patch below.
ok tb@
$ ktrace fdisk /dev/tty
Abort trap (core dumped)
$ kdump | tail
28663 fdisk CALL open(0x17b1f512f220,0<O_RDONLY>)
28663 fdisk NAMI "/dev/tty"
28663 fdisk RET open 3
28663 fdisk CALL fstat(3,0x7f7fffff07f0)
28663 fdisk STRU struct stat { dev=1040, ino=1280, mode=crw-rw-rw- ,
nlink=1, uid=0<"root">, gid=0<"wheel">, rdev=256, atime=1465498384<"Jun 9
20:53:04 2016">.697276353, mtime=1465498384<"Jun 9 20:53:04 2016">.697276353,
ctime=1465498384<"Jun 9 20:53:04 2016">.697276353, size=0, blocks=0,
blksize=65536, flags=0x0, gen=0x0 }
28663 fdisk RET fstat 0
28663 fdisk CALL ioctl(3,DIOCGPDINFO,0x17b1f5135160)
28663 fdisk PLDG ioctl, "ioctl", errno 1 Operation not permitted
28663 fdisk PSIG SIGABRT SIG_DFL code <-538976289>
28663 fdisk NAMI "fdisk.core"
Index: fdisk.c
===================================================================
RCS file: /var/cvs/src/sbin/fdisk/fdisk.c,v
retrieving revision 1.100
diff -u -p -r1.100 fdisk.c
--- fdisk.c 28 Mar 2016 16:55:09 -0000 1.100
+++ fdisk.c 28 Apr 2016 08:05:27 -0000
@@ -85,10 +85,6 @@ main(int argc, char *argv[])
struct dos_mbr dos_mbr;
struct mbr mbr;
- /* "proc exec" for man page display */
- if (pledge("stdio rpath wpath disklabel proc exec", NULL) == -1)
- err(1, "pledge");
-
while ((ch = getopt(argc, argv, "iegpuvf:c:h:s:l:b:y")) != -1) {
const char *errstr;
@@ -168,6 +164,10 @@ main(int argc, char *argv[])
disk.name = argv[0];
DISK_open(i_flag || u_flag || e_flag);
+
+ /* "proc exec" for man page display */
+ if (pledge("stdio rpath wpath disklabel proc exec", NULL) == -1)
+ err(1, "pledge");
error = MBR_read(0, &dos_mbr);
if (error)
