Re: fuser(1): Fix pledge when `u' flag is used
On Fri, Jan 01, 2016 at 10:29:08PM -0500, Michael Reed wrote:
> Hi,
>
> `fuser -u -c /' doesn't seem to work for me:
>
> fuser(28663): syscall 33 "getpw"
>
> The patch below fixes my issue. The pledge condition was already a bit
> long, so I just switched to snprintf(3); not sure what's normally done
> in such situations.
>
When possible, we try to keep the `if conditions' and don't construct
pledge promises strings by hand. Else it would make pledge promises not
grep-able.
Could you confirm this diff resolves your problem ?
Comments ?
--
Sebastien Marie
Index: fstat.c
===
RCS file: /cvs/src/usr.bin/fstat/fstat.c,v
retrieving revision 1.85
diff -u -p -r1.85 fstat.c
--- fstat.c 30 Dec 2015 19:02:12 - 1.85
+++ fstat.c 2 Jan 2016 12:58:31 -
@@ -276,7 +276,18 @@ main(int argc, char *argv[])
errx(1, "%s", kvm_geterr(kd));
if (fuser) {
- if (sflg) { /* fuser might call kill(2) */
+ /**
+* fuser
+* uflg: need "getpw"
+* sflg: need "proc" (might call kill(2))
+*/
+ if (uflg && sflg) {
+ if (pledge("stdio rpath getpw proc", NULL) == -1)
+ err(1, "pledge");
+ } else if (uflg) {
+ if (pledge("stdio rpath getpw", NULL) == -1)
+ err(1, "pledge");
+ } else if (sflg) {
if (pledge("stdio rpath proc", NULL) == -1)
err(1, "pledge");
} else {
@@ -284,6 +295,7 @@ main(int argc, char *argv[])
err(1, "pledge");
}
} else {
+ /* fstat */
if (pledge("stdio rpath getpw", NULL) == -1)
err(1, "pledge");
}
Re: fuser(1): Fix pledge when `u' flag is used
Michael Reed(m.r...@mykolab.com) on 2016.01.01 22:29:08 -0500:
> Hi,
>
> `fuser -u -c /' doesn't seem to work for me:
>
> fuser(28663): syscall 33 "getpw"
>
> The patch below fixes my issue. The pledge condition was already a bit
> long, so I just switched to snprintf(3); not sure what's normally done
> in such situations.
>
> Regards,
> Michael
Hi,
thanks for your bug report. I think we still want pledge calls and arguments
grepable, so i would like to commit this instead:
ok?
diff --git usr.bin/fstat/fstat.c usr.bin/fstat/fstat.c
index cc51086..98c9760 100644
--- usr.bin/fstat/fstat.c
+++ usr.bin/fstat/fstat.c
@@ -276,9 +276,19 @@ main(int argc, char *argv[])
errx(1, "%s", kvm_geterr(kd));
if (fuser) {
- if (sflg) { /* fuser might call kill(2) */
+ if (sflg && uflg) {
+ /*
+* sflg (signal) calls kill(2) -> proc
+* uflg needs getpw
+*/
+ if (pledge("stdio getpw rpath proc", NULL) == -1)
+ err(1, "pledge");
+ } else if (sflg && !uflg) {
if (pledge("stdio rpath proc", NULL) == -1)
err(1, "pledge");
+ } else if (!sflg && uflg) {
+ if (pledge("stdio getpw rpath", NULL) == -1)
+ err(1, "pledge");
} else {
if (pledge("stdio rpath", NULL) == -1)
err(1, "pledge");
fuser(1): Fix pledge when `u' flag is used
Hi,
`fuser -u -c /' doesn't seem to work for me:
fuser(28663): syscall 33 "getpw"
The patch below fixes my issue. The pledge condition was already a bit
long, so I just switched to snprintf(3); not sure what's normally done
in such situations.
Regards,
Michael
Index: fstat.c
===
RCS file: /cvs/src/usr.bin/fstat/fstat.c,v
retrieving revision 1.85
diff -u -p -r1.85 fstat.c
--- fstat.c 30 Dec 2015 19:02:12 - 1.85
+++ fstat.c 2 Jan 2016 03:18:17 -
@@ -142,6 +142,7 @@ main(int argc, char *argv[])
int arg, ch, what;
char *memf, *nlistf, *optstr;
char buf[_POSIX2_LINE_MAX];
+ char promises[1024];
const char *errstr;
int cnt, flags;
@@ -275,18 +276,12 @@ main(int argc, char *argv[])
if ((kf = kvm_getfiles(kd, what, arg, sizeof(*kf), )) == NULL)
errx(1, "%s", kvm_geterr(kd));
- if (fuser) {
- if (sflg) { /* fuser might call kill(2) */
- if (pledge("stdio rpath proc", NULL) == -1)
- err(1, "pledge");
- } else {
- if (pledge("stdio rpath", NULL) == -1)
- err(1, "pledge");
- }
- } else {
- if (pledge("stdio rpath getpw", NULL) == -1)
- err(1, "pledge");
- }
+ snprintf(promises, sizeof(promises), "stdio rpath%s%s",
+ (fuser && sflg) ? " proc" : "", /* fuser might call kill(2) */
+ (!fuser || uflg) ? " getpw" : "");
+
+ if (pledge(promises, NULL) == -1)
+ err(1, "pledge");
find_splices(kf, cnt);
if (!fuser)
