Re: yacc + unveil

Tue, 25 Sep 2018 08:57:35 -0700 

On Tue, Sep 25, 2018 at 11:42:26PM +0800, Michael Mikonos wrote:
> On Tue, Sep 25, 2018 at 05:25:54PM +0200, Sebastien Marie wrote:
> > On Tue, Sep 25, 2018 at 11:15:43PM +0800, Michael Mikonos wrote:
> > > On Tue, Sep 25, 2018 at 03:22:38PM +0100, Ricardo Mestre wrote:
> > > > This is an example of better to start at just hoisting the code that
> > > > opens the many fds and put them all inside open_files(). After that it's
> > > > just a matter of calling pledge("stdio") and we are done.
> > > > 
> > > > Of course that after this is done we can still make a list of all the 
> > > > files
> > > > we need to open and unveil them, but not the way it's done here.
> > > > 
> > > > Once I get back home from $DAYJOB I'll try to have a look at this.
> > > 
> > > After open_files() the wpath pledge can be dropped. rpath is still
> > > needed because /tmp files are reopened for read in output(). cpath
> > > is needed because /tmp files are unlinked at the end. This patch
> > > adds a pledge call, but is it better to just move the first pledge()
> > > down?
> > > 
> > 
> > you could try with the "tmppath" promise. I will allow opening/creating
> > files on /tmp and unlinking them (but not sure it will cover all yacc
> > need as it is designed for mkstemp(3) family). Unveil for such
> > operations are fine too, without explicit unveil(2) call.
> > 
> 
> Ah, I see what you mean. pledging "tmppath" is kind of like unveil
> because the allowed operations only work under /tmp.
> It's possible to do this after calling open_files() because the only
> files (re)opened later are in /tmp.

My description was wrong. tmppath allows unlink of /tmp files at the
end. rpath is still needed to reopen the /tmp files.

> 
> Index: main.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/yacc/main.c,v
> retrieving revision 1.29
> diff -u -p -u -r1.29 main.c
> --- main.c    25 May 2017 20:11:03 -0000      1.29
> +++ main.c    25 Sep 2018 15:38:18 -0000
> @@ -346,12 +346,16 @@ open_files(void)
>  int
>  main(int argc, char *argv[])
>  {
> -     if (pledge("stdio rpath wpath cpath", NULL) == -1)
> +     if (pledge("stdio rpath wpath cpath tmppath", NULL) == -1)
>               fatal("pledge: invalid arguments");
>  
>       set_signals();
>       getargs(argc, argv);
>       open_files();
> +
> +     if (pledge("stdio rpath tmppath", NULL) == -1)
> +             fatal("pledge: invalid arguments");
> +
>       reader();
>       lr0();
>       lalr();

Reply via email to