Re: unveil htpasswd
Makes sense to me.

> Hi,
>
> htpasswd(1) when in batch mode (-I) and 1 argument is used, or when not in
> batch mode and 2 arguments are used we know we have to access argv[0] with rwc
> permissions and also to rwc a temporary file in /tmp so we can unveil(2) both
> argv[0] and /tmp with rwc permissions. In order to avoid adding "unveil" to
> pledge(2), just call it after getopt(3).
>
> Remaining code paths already have fs access disabled via pledge(2).
>
> Comments? OK?
>
> Index: htpasswd.c > === > RCS file: /cvs/src/usr.bin/htpasswd/htpasswd.c,v > retrieving revision 1.16 > diff -u -p -u -r1.16 htpasswd.c > --- htpasswd.c7 Jun 2017 09:11:52 - 1.16 > +++ htpasswd.c30 Oct 2018 08:55:45 - > @@ -57,9 +57,6 @@ main(int argc, char** argv) > ssize_t linelen; > mode_t old_umask; > > - if (pledge("stdio rpath wpath cpath flock tmppath tty", NULL) == -1) > - err(1, "pledge"); > - > while ((c = getopt(argc, argv, "I")) != -1) { > switch (c) { > case 'I': > @@ -74,6 +71,15 @@ main(int argc, char** argv) > > argc -= optind; > argv += optind; > + > + if ((batch && argc == 1) || (!batch && argc == 2)) { > + if (unveil(argv[0], "rwc") == -1) > + err(1, "unveil"); > + if (unveil("/tmp", "rwc") == -1) > + err(1, "unveil"); > + } > + if (pledge("stdio rpath wpath cpath flock tmppath tty", NULL) == -1) > + err(1, "pledge"); > > if (batch) { > if (argc == 1) >
Re: unveil htpasswd
OK florian@

On Tue, Oct 30, 2018 at 09:02:48AM +, Ricardo Mestre wrote:
> Hi,
>
> htpasswd(1) when in batch mode (-I) and 1 argument is used, or when not in
> batch mode and 2 arguments are used we know we have to access argv[0] with rwc
> permissions and also to rwc a temporary file in /tmp so we can unveil(2) both
> argv[0] and /tmp with rwc permissions. In order to avoid adding "unveil" to
> pledge(2), just call it after getopt(3).
>
> Remaining code paths already have fs access disabled via pledge(2).
>
> Comments? OK?
>
> Index: htpasswd.c > === > RCS file: /cvs/src/usr.bin/htpasswd/htpasswd.c,v > retrieving revision 1.16 > diff -u -p -u -r1.16 htpasswd.c > --- htpasswd.c7 Jun 2017 09:11:52 - 1.16 > +++ htpasswd.c30 Oct 2018 08:55:45 - > @@ -57,9 +57,6 @@ main(int argc, char** argv) > ssize_t linelen; > mode_t old_umask; > > - if (pledge("stdio rpath wpath cpath flock tmppath tty", NULL) == -1) > - err(1, "pledge"); > - > while ((c = getopt(argc, argv, "I")) != -1) { > switch (c) { > case 'I': > @@ -74,6 +71,15 @@ main(int argc, char** argv) > > argc -= optind; > argv += optind; > + > + if ((batch && argc == 1) || (!batch && argc == 2)) { > + if (unveil(argv[0], "rwc") == -1) > + err(1, "unveil"); > + if (unveil("/tmp", "rwc") == -1) > + err(1, "unveil"); > + } > + if (pledge("stdio rpath wpath cpath flock tmppath tty", NULL) == -1) > + err(1, "pledge"); > > if (batch) { > if (argc == 1)

--
I'm not entirely sure you are real.
unveil htpasswd
Hi,

htpasswd(1) when in batch mode (-I) and 1 argument is used, or when not in
batch mode and 2 arguments are used we know we have to access argv[0] with rwc
permissions and also to rwc a temporary file in /tmp so we can unveil(2) both
argv[0] and /tmp with rwc permissions. In order to avoid adding "unveil" to
pledge(2), just call it after getopt(3).

Remaining code paths already have fs access disabled via pledge(2).

Comments? OK?

Index: htpasswd.c === RCS file: /cvs/src/usr.bin/htpasswd/htpasswd.c,v retrieving revision 1.16 diff -u -p -u -r1.16 htpasswd.c --- htpasswd.c 7 Jun 2017 09:11:52 - 1.16 +++ htpasswd.c 30 Oct 2018 08:55:45 - @@ -57,9 +57,6 @@ main(int argc, char** argv) ssize_t linelen; mode_t old_umask; - if (pledge("stdio rpath wpath cpath flock tmppath tty", NULL) == -1) - err(1, "pledge"); - while ((c = getopt(argc, argv, "I")) != -1) { switch (c) { case 'I': @@ -74,6 +71,15 @@ main(int argc, char** argv) argc -= optind; argv += optind; + + if ((batch && argc == 1) || (!batch && argc == 2)) { + if (unveil(argv[0], "rwc") == -1) + err(1, "unveil"); + if (unveil("/tmp", "rwc") == -1) + err(1, "unveil"); + } + if (pledge("stdio rpath wpath cpath flock tmppath tty", NULL) == -1) + err(1, "pledge"); if (batch) { if (argc == 1)
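
Review bot: the first hunk (@@ -57,9 +57,6) leaves the getopt(3) loop running with no pledge(2) promises in force, where it used to run already pledged. The visible loop only handles 'I', so the exposure is small, but a short comment at the old pledge site saying the call is deferred so that unveil(2) can run without the "unveil" promise would keep someone from moving it back to the top of main() later.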
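
Review bot: in the second hunk (@@ -74,6 +71,15) both unveil(2) failures report err(1, "unveil"), so the message does not say whether argv[0] or /tmp was rejected; err(1, "unveil %s", argv[0]) for the first call and err(1, "unveil /tmp") for the second would make that clear. Separately, when the if condition is false no unveil is made, yet the pledge that follows still carries rpath wpath cpath tmppath. The cover letter says those code paths already drop fs access via pledge(2), but that happens outside the visible context, so a one-line comment above the new block pointing at it would let a reader confirm the claim without reading the rest of main().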