On Mon, Jul 30, 2018 at 10:02:51AM -0600, Theo de Raadt wrote:
> Alexandre Ratchov <[email protected]> wrote:
>
> > On Mon, Jul 30, 2018 at 07:56:00AM -0600, Theo de Raadt wrote:
> > > there are a lot of files in /dev ...
> > >
> > > can you make this tighter?
> > >
> >
> > Yes. I'm experimenting around this right now. I'm looking at the
> > following possibilities:
> >
> > (1) during initialization, parse device names to determine paths, then
> > call unveil() for each file. This can work because sndiod knows in
> > advance all devices it will use.
>
> Good enough.
>
here's the diff.
Index: sndiod.c
===================================================================
RCS file: /cvs/src/usr.bin/sndiod/sndiod.c,v
retrieving revision 1.33
diff -u -p -r1.33 sndiod.c
--- sndiod.c 26 Jun 2018 07:12:35 -0000 1.33
+++ sndiod.c 30 Jul 2018 16:57:31 -0000
@@ -340,9 +340,26 @@ mkopt(char *path, struct dev *d,
return o;
}
+static void
+dounveil(char *name, char *prefix, char *path_prefix)
+{
+ size_t prefix_len;
+ char path[PATH_MAX];
+
+ prefix_len = strlen(prefix);
+
+ if (strncmp(name, prefix, prefix_len) != 0)
+ errx(1, "%s: unsupported device or port format", name);
+ snprintf(path, sizeof(path), "%s%s", path_prefix, name + prefix_len);
+ if (unveil(path, "rw") < 0)
+ err(1, "unveil");
+}
+
static int
start_helper(int background)
{
+ struct dev *d;
+ struct port *p;
struct passwd *pw;
int s[2];
pid_t pid;
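Review bot: In dounveil() the return value of snprintf() is ignored, so a name long enough to be truncated would make unveil() expose a different path from the one the helper later opens. Only the prefix of `name` is checked, so whatever follows it (including `/` or `..` components) is appended to `path_prefix` unexamined. Since the purpose of the change is to narrow the /dev view, I would reject truncation and, if unit names are always decimal numbers (to be confirmed against the sndio device-name parser), accept nothing else after the prefix. Putting the path in the unveil error message would also make a failure easier to diagnose. dounveil() is complete in this hunk; start_helper() continues past it.

```c
	const char *unit;
	int n;

	/* … unchanged: prefix_len = strlen(prefix) and the strncmp() prefix check … */
	unit = name + prefix_len;
	/*
	 * The rest of the name must be a plain unit number, so the
	 * unveiled path cannot name anything but the intended node.
	 */
	if (*unit == '\0' || unit[strspn(unit, "0123456789")] != '\0')
		errx(1, "%s: unsupported device or port format", name);
	n = snprintf(path, sizeof(path), "%s%s", path_prefix, unit);
	if (n < 0 || (size_t)n >= sizeof(path))
		errx(1, "%s: device path too long", name);
	if (unveil(path, "rw") < 0)
		err(1, "unveil: %s", path);
```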
@@ -378,6 +395,10 @@ start_helper(int background)
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
err(1, "cannot drop privileges");
}
+ for (d = dev_list; d != NULL; d = d->next)
+ dounveil(d->path, "rsnd/", "/dev/audio");
+ for (p = port_list; p != NULL; p = p->next)
+ dounveil(p->path, "rmidi/", "/dev/rmidi");
if (pledge("stdio sendfd rpath wpath", NULL) < 0)
err(1, "pledge");
while (file_poll())
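Review bot: If both dev_list and port_list are empty when the helper reaches these loops, no unveil() call is made and the process keeps its full filesystem view under `rpath wpath`, because unveil only starts restricting after the first successful call. Whether that state is reachable is not visible from this hunk. If it is, a fallback such as `if (dev_list == NULL && port_list == NULL && unveil("/", "") < 0) err(1, "unveil");` would keep the helper confined. A comment above the pledge() call would also record why no explicit lock is needed: `/* no "unveil" promise: the view set above cannot be extended from here on */`. start_helper() begins and ends outside the hunk.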