On 2020-05-02 17:04, Hiltjo Posthuma wrote:
> On Sat, May 02, 2020 at 04:48:38PM -0400, Qubes privileged user wrote:
>> The following patch tightens the pledges for ftp(1).
>>
>> This provides some additional guarantees, including that ftp(1) cannot
>> spawn child processes. This is a significant security win for
>> sysupgrade(8).
>>
>> I hope I did not mess up the diff - this is my first time submitting one.
>>
>> Index: usr.bin/ftp/main.c
>> ===================================================================
>> RCS file: /cvs/src/usr.bin/ftp/main.c,v
>> retrieving revision 1.131
>> diff -u -p -u -r1.131 main.c
>> --- usr.bin/ftp/main.c 11 Feb 2020 18:41:39 -0000 1.131
>> +++ usr.bin/ftp/main.c 2 May 2020 19:31:40 -0000
>> @@ -483,27 +483,39 @@ main(volatile int argc, char *argv[])
>> (void)signal(SIGWINCH, setttywidth);
>>
>> if (argc > 0) {
>> + int i, needs_exec = 0;
>> if (isurl(argv[0])) {
>> - if (pipeout) {
>> #ifndef SMALL
>> - if (pledge("stdio rpath dns tty inet proc exec
>> fattr",
>> - NULL) == -1)
>> - err(1, "pledge");
>> -#else
>> - if (pledge("stdio rpath dns tty inet fattr",
>> - NULL) == -1)
>> - err(1, "pledge");
>> + for (i = 0; i < argc; ++i) {
>> + if (*(argv[i]) == '\0')
>> + errx(1, "empty URL not allowed");
>> + else if (strncasecmp("http:/", argv[i], 6) &&
>> + strncasecmp("https:/", argv[i], 7) &&
>> + strncasecmp("file:", argv[i], 5) &&
>> + argv[i][strlen(argv[i])] == '/')
>
> This should be strlen(...) - 1 right?
Indeed it should, thanks! Should I submit a new patch?
Sincerely,
Demi
