On Tue, Sep 25, 2018 at 11:42:26PM +0800, Michael Mikonos wrote:
> On Tue, Sep 25, 2018 at 05:25:54PM +0200, Sebastien Marie wrote:
> > On Tue, Sep 25, 2018 at 11:15:43PM +0800, Michael Mikonos wrote:
> > > On Tue, Sep 25, 2018 at 03:22:38PM +0100, Ricardo Mestre wrote:
> > > > This is an example of better to start at just hoisting the code that
> > > > opens the many fds and put them all inside open_files(). After that it's
> > > > just a matter of calling pledge("stdio") and we are done.
> > > >
> > > > Of course that after this is done we can still make a list of all the
> > > > files we need to open and unveil them, but not the way it's done here.
> > > >
> > > > Once I get back home from $DAYJOB I'll try to have a look at this.
> > > >
> > > After open_files() the wpath pledge can be dropped. rpath is still
> > > needed because /tmp files are reopened for read in output(). cpath
> > > is needed because /tmp files are unlinked at the end. This patch
> > > adds a pledge call, but is it better to just move the first pledge()
> > > down?
> > >
> > >
> > you could try with the "tmppath" promise. I will allow opening/creating
> > files on /tmp and unlinking them (but not sure it will cover all yacc
> > need as it is designed for mkstemp(3) family). Unveil for such
> > operations are fine too, without explicit unveil(2) call.
> >
>
> Ah, I see what you mean. pledging "tmppath" is kind of like unveil
> because the allowed operations only work under /tmp.
> It's possible to do this after calling open_files() because the only
> files (re)opened later are in /tmp.
My description was wrong. tmppath allows unlink of /tmp files at the end. rpath is still needed to reopen the /tmp files. > > Index: main.c > =================================================================== > RCS file: /cvs/src/usr.bin/yacc/main.c,v > retrieving revision 1.29 > diff -u -p -u -r1.29 main.c > --- main.c 25 May 2017 20:11:03 -0000 1.29 > +++ main.c 25 Sep 2018 15:38:18 -0000 > @@ -346,12 +346,16 @@ open_files(void) > int > main(int argc, char *argv[]) > { > - if (pledge("stdio rpath wpath cpath", NULL) == -1) > + if (pledge("stdio rpath wpath cpath tmppath", NULL) == -1) > fatal("pledge: invalid arguments"); > > set_signals(); > getargs(argc, argv); > open_files(); > + > + if (pledge("stdio rpath tmppath", NULL) == -1) > + fatal("pledge: invalid arguments"); > + > reader(); > lr0(); > lalr();
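
Review bot: In main(), the second pledge("stdio rpath tmppath", NULL) after open_files() still carries "rpath", which is not limited to /tmp, so reader() and everything after it can still open any readable file. The message above says rpath is kept only to reopen the /tmp files and tmppath only to unlink them at the end; a short comment above the call saying so would keep a later change from dropping or widening the promises by accident. If the temporary files were kept open and rewound instead of being reopened by name, rpath could go as well, which is closer to the pledge("stdio") goal stated earlier in the thread. Both calls also report the same "pledge: invalid arguments" text, so a failure does not say which of the two calls it came from.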