Re: look(1): drop "rpath" promise after open(2)/fstat(2)

2022-02-09 Thread Todd C. Miller
On Tue, 08 Feb 2022 19:37:26 -0600, Scott Cheloha wrote:

> - pledge(2) initially with "stdio rpath" at the top of main().
>   We know we need to read a file at this point but don't yet
>   know which one.
>
> - pledge(2) down to "stdio" after we have opened the file
>   in question and called fstat(2) to get its size.  The rest
>   of the program is computation and stdio.
>
> - Remove the unveil(2) call.  We don't need it if we're only
>   working with one file and it's already open.

Makes sense to me.  I don't think the unveil() really buys us
anything if we can drop rpath.

OK millert@

 - todd



look(1): drop "rpath" promise after open(2)/fstat(2)

2022-02-08 Thread Scott Cheloha
The look(1) program needs to open(2) and fstat(2) exactly one file
during its runtime.  Using unveil(2) seems like overkill here.

This seems closer to what we want:

- pledge(2) initially with "stdio rpath" at the top of main().
  We know we need to read a file at this point but don't yet
  know which one.

- pledge(2) down to "stdio" after we have opened the file
  in question and called fstat(2) to get its size.  The rest
  of the program is computation and stdio.

- Remove the unveil(2) call.  We don't need it if we're only
  working with one file and it's already open.

Unless I have misunderstood something, we don't need "rpath" to
mmap(2) the descriptor into memory after opening it, so drop "rpath"
before the mmap(2) call.

ok?

Index: look.c
===
RCS file: /cvs/src/usr.bin/look/look.c,v
retrieving revision 1.25
diff -u -p -r1.25 look.c
--- look.c  24 Oct 2021 21:24:16 -  1.25
+++ look.c  9 Feb 2022 01:26:38 -
@@ -77,6 +77,9 @@ main(int argc, char *argv[])
int ch, fd, termchar;
char *back, *file, *front, *string, *p;
 
+   if (pledge("stdio rpath", NULL) == -1)
+   err(2, "pledge");
+
file = _PATH_WORDS;
termchar = '\0';
while ((ch = getopt(argc, argv, "dft:")) != -1)
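Review bot: with the pledge("stdio rpath") now at the very top of main(), everything from the getopt() loop onward, including the usage() exit path, runs under the pledge, so it is worth confirming that none of that code needs more than "stdio rpath". The context lines only show option parsing and the default of _PATH_WORDS, which fit, and err(2, "pledge") matches the exit status of the other err(2, ...) calls in this diff.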
@@ -110,11 +113,6 @@ main(int argc, char *argv[])
usage();
}
 
-   if (unveil(file, "r") == -1)
-   err(2, "unveil %s", file);
-   if (pledge("stdio rpath", NULL) == -1)
-   err(2, "pledge");
-
if (termchar != '\0' && (p = strchr(string, termchar)) != NULL)
*++p = '\0';
 
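Review bot: once the unveil(file, "r") lines are removed, nothing restricts which path can be read between the early pledge and the later pledge("stdio"), so the change relies on `file` being the only path opened in that window. That matches the description in the message, but a short comment near the open saying that any additional file access added later must either happen before the drop to "stdio" or bring unveil(2) back would keep a future change from silently widening the read surface.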
@@ -122,6 +120,10 @@ main(int argc, char *argv[])
err(2, "%s", file);
if (sb.st_size > SIZE_MAX)
errc(2, EFBIG, "%s", file);
+
+   if (pledge("stdio", NULL) == -1)
+   err(2, "pledge");
+
if ((front = mmap(NULL,
(size_t)sb.st_size, PROT_READ, MAP_PRIVATE, fd, (off_t)0)) == 
MAP_FAILED)
err(2, "%s", file);
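Review bot: the pledge("stdio") added before the mmap() call has no comment saying why "rpath" can go at this point, and the reason is not obvious from the code alone. Mapping an already-open descriptor with PROT_READ and MAP_PRIVATE is covered by "stdio" (only PROT_EXEC mappings need an extra promise), so the placement is correct and the err(2, "%s", file) on MAP_FAILED still works afterwards. A one-line comment such as "file is open and sized, no more path access needed" above the call would record that.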