Re: fuser(1): Fix pledge when `u' flag is used
On Fri, Jan 01, 2016 at 10:29:08PM -0500, Michael Reed wrote: > Hi, > > `fuser -u -c /' doesn't seem to work for me: > > fuser(28663): syscall 33 "getpw" > > The patch below fixes my issue. The pledge condition was already a bit > long, so I just switched to snprintf(3); not sure what's normally done > in such situations. > When possible, we try to keep the `if conditions' and don't construct pledge promises strings by hand. Else it would make pledge promises not grep-able. Could you confirm this diff resolves your problem ? Comments ? -- Sebastien Marie Index: fstat.c === RCS file: /cvs/src/usr.bin/fstat/fstat.c,v retrieving revision 1.85 diff -u -p -r1.85 fstat.c --- fstat.c 30 Dec 2015 19:02:12 - 1.85 +++ fstat.c 2 Jan 2016 12:58:31 - @@ -276,7 +276,18 @@ main(int argc, char *argv[]) errx(1, "%s", kvm_geterr(kd)); if (fuser) { - if (sflg) { /* fuser might call kill(2) */ + /** +* fuser +* uflg: need "getpw" +* sflg: need "proc" (might call kill(2)) +*/ + if (uflg && sflg) { + if (pledge("stdio rpath getpw proc", NULL) == -1) + err(1, "pledge"); + } else if (uflg) { + if (pledge("stdio rpath getpw", NULL) == -1) + err(1, "pledge"); + } else if (sflg) { if (pledge("stdio rpath proc", NULL) == -1) err(1, "pledge"); } else { @@ -284,6 +295,7 @@ main(int argc, char *argv[]) err(1, "pledge"); } } else { + /* fstat */ if (pledge("stdio rpath getpw", NULL) == -1) err(1, "pledge"); }
Re: fuser(1): Fix pledge when `u' flag is used
Michael Reed(m.r...@mykolab.com) on 2016.01.01 22:29:08 -0500: > Hi, > > `fuser -u -c /' doesn't seem to work for me: > > fuser(28663): syscall 33 "getpw" > > The patch below fixes my issue. The pledge condition was already a bit > long, so I just switched to snprintf(3); not sure what's normally done > in such situations. > > Regards, > Michael Hi, thanks for your bug report. I think we still want pledge calls and arguments grepable, so i would like to commit this instead: ok? diff --git usr.bin/fstat/fstat.c usr.bin/fstat/fstat.c index cc51086..98c9760 100644 --- usr.bin/fstat/fstat.c +++ usr.bin/fstat/fstat.c @@ -276,9 +276,19 @@ main(int argc, char *argv[]) errx(1, "%s", kvm_geterr(kd)); if (fuser) { - if (sflg) { /* fuser might call kill(2) */ + if (sflg && uflg) { + /* +* sflg (signal) calls kill(2) -> proc +* uflg needs getpw +*/ + if (pledge("stdio getpw rpath proc", NULL) == -1) + err(1, "pledge"); + } else if (sflg && !uflg) { if (pledge("stdio rpath proc", NULL) == -1) err(1, "pledge"); + } else if (!sflg && uflg) { + if (pledge("stdio getpw rpath", NULL) == -1) + err(1, "pledge"); } else { if (pledge("stdio rpath", NULL) == -1) err(1, "pledge");
fuser(1): Fix pledge when `u' flag is used
Hi, `fuser -u -c /' doesn't seem to work for me: fuser(28663): syscall 33 "getpw" The patch below fixes my issue. The pledge condition was already a bit long, so I just switched to snprintf(3); not sure what's normally done in such situations. Regards, Michael Index: fstat.c === RCS file: /cvs/src/usr.bin/fstat/fstat.c,v retrieving revision 1.85 diff -u -p -r1.85 fstat.c --- fstat.c 30 Dec 2015 19:02:12 - 1.85 +++ fstat.c 2 Jan 2016 03:18:17 - @@ -142,6 +142,7 @@ main(int argc, char *argv[]) int arg, ch, what; char *memf, *nlistf, *optstr; char buf[_POSIX2_LINE_MAX]; + char promises[1024]; const char *errstr; int cnt, flags; @@ -275,18 +276,12 @@ main(int argc, char *argv[]) if ((kf = kvm_getfiles(kd, what, arg, sizeof(*kf), )) == NULL) errx(1, "%s", kvm_geterr(kd)); - if (fuser) { - if (sflg) { /* fuser might call kill(2) */ - if (pledge("stdio rpath proc", NULL) == -1) - err(1, "pledge"); - } else { - if (pledge("stdio rpath", NULL) == -1) - err(1, "pledge"); - } - } else { - if (pledge("stdio rpath getpw", NULL) == -1) - err(1, "pledge"); - } + snprintf(promises, sizeof(promises), "stdio rpath%s%s", + (fuser && sflg) ? " proc" : "", /* fuser might call kill(2) */ + (!fuser || uflg) ? " getpw" : ""); + + if (pledge(promises, NULL) == -1) + err(1, "pledge"); find_splices(kf, cnt); if (!fuser)