On Fri, Jan 04, 2019 at 11:52:05AM -0500, Ted Unangst wrote:
> Theo de Raadt wrote:
> > > unveil isn't really buying much if you pledge "rpath" immediately after,
> > > so if you want just add another pledge here instead, that is fine.
> >
> > "rpath" is obviously cheaper than unveil of even 1 file.
>
> here is a diff that simply adds another pledge.
>
> the attack surface here is kinda nonexistent, but no reason why it needs the
> ability to write files either.
>
> Index: file.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/file/file.c,v
> retrieving revision 1.66
> diff -u -p -r1.66 file.c
> --- file.c 15 Jan 2018 19:45:51 -0000 1.66
> +++ file.c 4 Jan 2019 16:50:11 -0000
> @@ -168,6 +168,9 @@ main(int argc, char **argv)
> } else if (argc == 0)
> usage();
>
> + if (pledge("stdio rpath getpw recvfd sendfd id proc", NULL) == -1)
> + err(1, "pledge");
> +
> magicfp = NULL;
> if (geteuid() != 0 && !issetugid()) {
> home = getenv("HOME");
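Review bot: the promise string in the added pledge() call, "stdio rpath getpw recvfd sendfd id proc", has no comment saying which later code needs each promise. A short comment above the call naming what uses getpw, id, proc, recvfd and sendfd would let a later reader tell which of them can be dropped once that code has run. Placement looks right: the call comes after the argc == 0 usage() check and before the geteuid()/issetugid() test and getenv("HOME"), so the code from the magic file lookup onward runs with no wpath or cpath promise, which matches the stated goal of removing the ability to write files.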
ok brynet@