On Thu, May 21, 2020 at 11:07:39PM +0100, Ricardo Mestre wrote:
> Hi,
>
> After the handle sioctl_hdl `hdl' is opened (which in itself requires rw fs
> access and opening an unix socket) then all operations happen over that handle
> so the program may be restricted to only "stdio".
>
> All options were tested successfully, including the examples from the manpage
> plus tweaking the audio from an app ($MYBROWSER).
>
> Comments? OK?
Works for me.
ok brynet@
> Index: sndioctl.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/sndioctl/sndioctl.c,v
> retrieving revision 1.10
> diff -u -p -u -r1.10 sndioctl.c
> --- sndioctl.c 17 May 2020 05:39:32 -0000 1.10
> +++ sndioctl.c 21 May 2020 22:04:58 -0000
> @@ -948,6 +948,13 @@ main(int argc, char **argv)
> fprintf(stderr, "%s: can't open control device\n", devname);
> exit(1);
> }
> +
> + if (pledge("stdio", NULL) == -1) {
> + fprintf(stderr, "%s: pledge: %s\n", getprogname(),
> + strerror(errno));
> + exit(1);
> + }
> +
> if (!sioctl_ondesc(hdl, ondesc, NULL)) {
> fprintf(stderr, "%s: can't get device description\n", devname);
> exit(1);
>
>
