On Fri, Jan 04, 2019 at 11:52:05AM -0500, Ted Unangst wrote: > Theo de Raadt wrote: > > > unveil isn't really buying much if you pledge "rpath" immediately after, > > > so if you want just add another pledge here instead, that is fine. > > > > "rpath" is obviously cheaper than unveil of even 1 file. > > here is a diff that simply adds another pledge. > > the attack surface here is kinda nonexistent, but no reason why it needs the > ability to write files either. > > Index: file.c > =================================================================== > RCS file: /cvs/src/usr.bin/file/file.c,v > retrieving revision 1.66 > diff -u -p -r1.66 file.c > --- file.c 15 Jan 2018 19:45:51 -0000 1.66 > +++ file.c 4 Jan 2019 16:50:11 -0000 > @@ -168,6 +168,9 @@ main(int argc, char **argv) > } else if (argc == 0) > usage(); > > + if (pledge("stdio rpath getpw recvfd sendfd id proc", NULL) == -1) > + err(1, "pledge"); > + > magicfp = NULL; > if (geteuid() != 0 && !issetugid()) { > home = getenv("HOME");
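Review bot: The promise list in the added pledge() call in main() is undocumented, and nothing in the hunk shows which later code needs "getpw", "recvfd", "sendfd", "id" and "proc". The message says the aim is only to drop the ability to write files, so a one-line comment above the call saying this is the initial, deliberately broad pledge (no wpath/cpath) and which later steps the remaining promises are kept for would let a reader check that nothing wider than necessary is retained. Also note the placement: the call comes after the argc == 0 / usage() branch, so everything before that point in main() still runs unpledged; if nothing earlier needs more than these promises, moving the call to the top of main() would cover that code as well.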
ok brynet@