Re: Pledge for Vi and Ex

2015-11-19 Thread Anthony J. Bentley
"Anthony J. Bentley" writes: > Gregor Best writes: > > @@ -229,6 +230,14 @@ editor(GS *gp, int argc, char *argv[]) > > } > > if (LF_ISSET(SC_EX) && F_ISSET(gp, G_SCRIPTED)) > > silent =3D 1; > > + > > + if (secure) { > > + if (pledge("stdio rpath wpath cpath fattr fl

Re: Pledge for Vi and Ex

2015-11-14 Thread Anthony J. Bentley
Gregor Best writes:
> Hi people,
>
> inspired by someone on Hackernews talking about how hard it would be to
> properly pledge an editor, here's a patch to pledge Vi and Ex.

I'd like to investigate the ideas you mentioned: disabling proc/exec with -S and making -R actually read-only. But both of

Re: Pledge for Vi and Ex

2015-11-14 Thread Anthony J. Bentley
Gregor Best writes: > @@ -229,6 +230,14 @@ editor(GS *gp, int argc, char *argv[]) > } > if (LF_ISSET(SC_EX) && F_ISSET(gp, G_SCRIPTED)) > silent = 1; > + > + if (secure) { > + if (pledge("stdio rpath wpath cpath fattr flock tty", NULL)) > +
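Review bot: the return check in if (pledge("stdio rpath wpath cpath fattr flock tty", NULL)) treats any non-zero value as failure; pledge(2) reports failure as -1, so the test reads better as == -1, and the error branch (cut off in this excerpt) should report through err(3) so a failed pledge is never silent. The call also sits under if (secure), so in the lines shown only -S runs are restricted, and the promise set still carries wpath, cpath and fattr; a short comment naming what in vi needs each promise would make the set easier to audit and to shrink later.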

Re: Pledge for Vi and Ex

2015-11-11 Thread Jonathan Thornburg
In message , Gregor Best wrote (about 'vi -R') > I'd like to make this switch a permanent "never ever write a file that's > not in /tmp or /var/tmp"-mode. No patch attached. :( A couple of comments: Why is it ok to write to /var/tmp/foo,

Pledge for Vi and Ex

2015-11-11 Thread Gregor Best
Hi people, inspired by someone on Hackernews talking about how hard it would be to properly pledge an editor, here's a patch to pledge Vi and Ex. I'd like to go a bit deeper than this patch though: In addition to the -S option which enables "secure mode", Vi and Ex have a -R switch, which enables