OK florian@
On Tue, Oct 30, 2018 at 09:02:48AM +, Ricardo Mestre wrote:
> Hi,
>
> htpasswd(1) when in batch mode (-I) and 1 argument is used, or when not in
> batch mode and 2 arguments are used we know we have to access argv[0] with rwc
> permissions and also to rwc a temporary file in /tmp so we can unveil(2) both
> argv[0] and /tmp with rwc permissions. In order to avoid adding "unveil" to
> pledge(2), just call it after getopt(3).
>
> Remaining code paths already have fs access disabled via pledge(2).
>
> Comments? OK?
>
> Index: htpasswd.c
> ===
> RCS file: /cvs/src/usr.bin/htpasswd/htpasswd.c,v
> retrieving revision 1.16
> diff -u -p -u -r1.16 htpasswd.c
> --- htpasswd.c7 Jun 2017 09:11:52 - 1.16
> +++ htpasswd.c30 Oct 2018 08:55:45 -
> @@ -57,9 +57,6 @@ main(int argc, char** argv)
> ssize_t linelen;
> mode_t old_umask;
>
> - if (pledge("stdio rpath wpath cpath flock tmppath tty", NULL) == -1)
> - err(1, "pledge");
> -
> while ((c = getopt(argc, argv, "I")) != -1) {
> switch (c) {
> case 'I':
> @@ -74,6 +71,15 @@ main(int argc, char** argv)
>
> argc -= optind;
> argv += optind;
> +
> + if ((batch && argc == 1) || (!batch && argc == 2)) {
> + if (unveil(argv[0], "rwc") == -1)
> + err(1, "unveil");
> + if (unveil("/tmp", "rwc") == -1)
> + err(1, "unveil");
> + }
> + if (pledge("stdio rpath wpath cpath flock tmppath tty", NULL) == -1)
> + err(1, "pledge");
>
> if (batch) {
> if (argc == 1)
--
I'm not entirely sure you are real.