Re: unveil htpasswd
Makes sense to me.
> Hi,
>
> htpasswd(1) when in batch mode (-I) and 1 argument is used, or when not in
> batch mode and 2 arguments are used we know we have to access argv[0] with rwc
> permissions and also to rwc a temporary file in /tmp so we can unveil(2) both
> argv[0] and /tmp with rwc permissions. In order to avoid adding "unveil" to
> pledge(2), just call it after getopt(3).
>
> Remaining code paths already have fs access disabled via pledge(2).
>
> Comments? OK?
>
> Index: htpasswd.c
> ===
> RCS file: /cvs/src/usr.bin/htpasswd/htpasswd.c,v
> retrieving revision 1.16
> diff -u -p -u -r1.16 htpasswd.c
> --- htpasswd.c7 Jun 2017 09:11:52 - 1.16
> +++ htpasswd.c30 Oct 2018 08:55:45 -
> @@ -57,9 +57,6 @@ main(int argc, char** argv)
> ssize_t linelen;
> mode_t old_umask;
>
> - if (pledge("stdio rpath wpath cpath flock tmppath tty", NULL) == -1)
> - err(1, "pledge");
> -
> while ((c = getopt(argc, argv, "I")) != -1) {
> switch (c) {
> case 'I':
> @@ -74,6 +71,15 @@ main(int argc, char** argv)
>
> argc -= optind;
> argv += optind;
> +
> + if ((batch && argc == 1) || (!batch && argc == 2)) {
> + if (unveil(argv[0], "rwc") == -1)
> + err(1, "unveil");
> + if (unveil("/tmp", "rwc") == -1)
> + err(1, "unveil");
> + }
> + if (pledge("stdio rpath wpath cpath flock tmppath tty", NULL) == -1)
> + err(1, "pledge");
>
> if (batch) {
> if (argc == 1)
>
Re: unveil htpasswd
OK florian@
On Tue, Oct 30, 2018 at 09:02:48AM +, Ricardo Mestre wrote:
> Hi,
>
> htpasswd(1) when in batch mode (-I) and 1 argument is used, or when not in
> batch mode and 2 arguments are used we know we have to access argv[0] with rwc
> permissions and also to rwc a temporary file in /tmp so we can unveil(2) both
> argv[0] and /tmp with rwc permissions. In order to avoid adding "unveil" to
> pledge(2), just call it after getopt(3).
>
> Remaining code paths already have fs access disabled via pledge(2).
>
> Comments? OK?
>
> Index: htpasswd.c
> ===
> RCS file: /cvs/src/usr.bin/htpasswd/htpasswd.c,v
> retrieving revision 1.16
> diff -u -p -u -r1.16 htpasswd.c
> --- htpasswd.c7 Jun 2017 09:11:52 - 1.16
> +++ htpasswd.c30 Oct 2018 08:55:45 -
> @@ -57,9 +57,6 @@ main(int argc, char** argv)
> ssize_t linelen;
> mode_t old_umask;
>
> - if (pledge("stdio rpath wpath cpath flock tmppath tty", NULL) == -1)
> - err(1, "pledge");
> -
> while ((c = getopt(argc, argv, "I")) != -1) {
> switch (c) {
> case 'I':
> @@ -74,6 +71,15 @@ main(int argc, char** argv)
>
> argc -= optind;
> argv += optind;
> +
> + if ((batch && argc == 1) || (!batch && argc == 2)) {
> + if (unveil(argv[0], "rwc") == -1)
> + err(1, "unveil");
> + if (unveil("/tmp", "rwc") == -1)
> + err(1, "unveil");
> + }
> + if (pledge("stdio rpath wpath cpath flock tmppath tty", NULL) == -1)
> + err(1, "pledge");
>
> if (batch) {
> if (argc == 1)
--
I'm not entirely sure you are real.
unveil htpasswd
Hi,
htpasswd(1) when in batch mode (-I) and 1 argument is used, or when not in
batch mode and 2 arguments are used we know we have to access argv[0] with rwc
permissions and also to rwc a temporary file in /tmp so we can unveil(2) both
argv[0] and /tmp with rwc permissions. In order to avoid adding "unveil" to
pledge(2), just call it after getopt(3).
Remaining code paths already have fs access disabled via pledge(2).
Comments? OK?
Index: htpasswd.c
===
RCS file: /cvs/src/usr.bin/htpasswd/htpasswd.c,v
retrieving revision 1.16
diff -u -p -u -r1.16 htpasswd.c
--- htpasswd.c 7 Jun 2017 09:11:52 - 1.16
+++ htpasswd.c 30 Oct 2018 08:55:45 -
@@ -57,9 +57,6 @@ main(int argc, char** argv)
ssize_t linelen;
mode_t old_umask;
- if (pledge("stdio rpath wpath cpath flock tmppath tty", NULL) == -1)
- err(1, "pledge");
-
while ((c = getopt(argc, argv, "I")) != -1) {
switch (c) {
case 'I':
@@ -74,6 +71,15 @@ main(int argc, char** argv)
argc -= optind;
argv += optind;
+
+ if ((batch && argc == 1) || (!batch && argc == 2)) {
+ if (unveil(argv[0], "rwc") == -1)
+ err(1, "unveil");
+ if (unveil("/tmp", "rwc") == -1)
+ err(1, "unveil");
+ }
+ if (pledge("stdio rpath wpath cpath flock tmppath tty", NULL) == -1)
+ err(1, "pledge");
if (batch) {
if (argc == 1)
