subject:"unveil radioctl\/fdformat\/gpioctl"

Re: unveil radioctl/fdformat/gpioctl

2019-12-21 Thread Stuart Henderson

On 2019/12/20 22:20, Ricardo Mestre wrote:
> Hello fellow citizens!
> 
> Did we have any brave souls with the hardware below that tested this and
> can give me an OK?

gpioctl works fine.

If anyone still has a radio(4) device, they're not sending in their
dmesg - nothing in dmesglog for 10 years.

Maybe you'll find someone with an fdd, I haven't had one in many years!

I don't see a reason why fdformat/radioctl wouldn't work though, all
three diffs are OK with me.

> On 18:57 Mon 02 Dec , Ricardo Mestre wrote:
> > Hi tech@
> > 
> > radioctl/fdformat/gpioctl need to open the device and then all operations go
> > through ioctls forbidden by pledge but no further filesystem access is 
> > needed
> > so it can be disallowed right afterwards.
> > 
> > CAVEAT: The sources for these applications are simple enough to follow, but
> > unfortunately I don't have any of these devices to actually test them, so 
> > take
> > this with a really tiny pinch of salt.
> > 
> > Comments, OK?
> > 
> > /mestre
> > 
> > Index: usr.bin/radioctl/radioctl.c
> > ===
> > RCS file: /cvs/src/usr.bin/radioctl/radioctl.c,v
> > retrieving revision 1.20
> > diff -u -p -u -r1.20 radioctl.c
> > --- usr.bin/radioctl/radioctl.c 28 Jun 2019 13:35:03 -  1.20
> > +++ usr.bin/radioctl/radioctl.c 2 Dec 2019 18:51:03 -
> > @@ -186,6 +186,11 @@ main(int argc, char **argv)
> > if (rd == -1)
> > err(1, "%s open error", radiodev);
> >  
> > +   if (unveil("/", "") == -1)
> > +   err(1, "unveil");
> > +   if (unveil(NULL, NULL) == -1)
> > +   err(1, "unveil");
> > +
> > if (ioctl(rd, RIOCGINFO, &ri) == -1)
> > err(1, "RIOCGINFO");
> >  
> > Index: usr.sbin/fdformat/fdformat.c
> > ===
> > RCS file: /cvs/src/usr.sbin/fdformat/fdformat.c,v
> > retrieving revision 1.24
> > diff -u -p -u -r1.24 fdformat.c
> > --- usr.sbin/fdformat/fdformat.c28 Jun 2019 13:32:47 -  1.24
> > +++ usr.sbin/fdformat/fdformat.c2 Dec 2019 18:51:04 -
> > @@ -246,6 +246,11 @@ main(int argc, char *argv[])
> > if ((fd = opendev(argv[optind], O_RDWR, OPENDEV_PART, &devname)) == -1)
> > err(1, "%s", devname);
> >  
> > +   if (unveil("/", "") == -1)
> > +   err(1, "unveil");
> > +   if (unveil(NULL, NULL) == -1)
> > +   err(1, "unveil");
> > +
> > if (ioctl(fd, FD_GTYPE, &fdt) == -1)
> > errx(1, "not a floppy disk: %s", devname);
> >  
> > Index: usr.sbin/gpioctl/gpioctl.c
> > ===
> > RCS file: /cvs/src/usr.sbin/gpioctl/gpioctl.c,v
> > retrieving revision 1.17
> > diff -u -p -u -r1.17 gpioctl.c
> > --- usr.sbin/gpioctl/gpioctl.c  26 Dec 2015 20:52:03 -  1.17
> > +++ usr.sbin/gpioctl/gpioctl.c  2 Dec 2019 18:51:04 -
> > @@ -101,6 +101,11 @@ main(int argc, char *argv[])
> > if ((devfd = open(dev, O_RDWR)) == -1)
> > err(1, "%s", dev);
> >  
> > +   if (unveil("/", "") == -1)
> > +   err(1, "unveil");
> > +   if (unveil(NULL, NULL) == -1)
> > +   err(1, "unveil");
> > +
> > if (argc == 1) {
> > getinfo();
> > return 0;
> > 
>

Re: unveil radioctl/fdformat/gpioctl

2019-12-20 Thread Ricardo Mestre

Hello fellow citizens!

Did we have any brave souls with the hardware below that tested this and
can give me an OK?

On 18:57 Mon 02 Dec , Ricardo Mestre wrote:
> Hi tech@
> 
> radioctl/fdformat/gpioctl need to open the device and then all operations go
> through ioctls forbidden by pledge but no further filesystem access is needed
> so it can be disallowed right afterwards.
> 
> CAVEAT: The sources for these applications are simple enough to follow, but
> unfortunately I don't have any of these devices to actually test them, so take
> this with a really tiny pinch of salt.
> 
> Comments, OK?
> 
> /mestre
> 
> Index: usr.bin/radioctl/radioctl.c
> ===
> RCS file: /cvs/src/usr.bin/radioctl/radioctl.c,v
> retrieving revision 1.20
> diff -u -p -u -r1.20 radioctl.c
> --- usr.bin/radioctl/radioctl.c   28 Jun 2019 13:35:03 -  1.20
> +++ usr.bin/radioctl/radioctl.c   2 Dec 2019 18:51:03 -
> @@ -186,6 +186,11 @@ main(int argc, char **argv)
>   if (rd == -1)
>   err(1, "%s open error", radiodev);
>  
> + if (unveil("/", "") == -1)
> + err(1, "unveil");
> + if (unveil(NULL, NULL) == -1)
> + err(1, "unveil");
> +
>   if (ioctl(rd, RIOCGINFO, &ri) == -1)
>   err(1, "RIOCGINFO");
>  
> Index: usr.sbin/fdformat/fdformat.c
> ===
> RCS file: /cvs/src/usr.sbin/fdformat/fdformat.c,v
> retrieving revision 1.24
> diff -u -p -u -r1.24 fdformat.c
> --- usr.sbin/fdformat/fdformat.c  28 Jun 2019 13:32:47 -  1.24
> +++ usr.sbin/fdformat/fdformat.c  2 Dec 2019 18:51:04 -
> @@ -246,6 +246,11 @@ main(int argc, char *argv[])
>   if ((fd = opendev(argv[optind], O_RDWR, OPENDEV_PART, &devname)) == -1)
>   err(1, "%s", devname);
>  
> + if (unveil("/", "") == -1)
> + err(1, "unveil");
> + if (unveil(NULL, NULL) == -1)
> + err(1, "unveil");
> +
>   if (ioctl(fd, FD_GTYPE, &fdt) == -1)
>   errx(1, "not a floppy disk: %s", devname);
>  
> Index: usr.sbin/gpioctl/gpioctl.c
> ===
> RCS file: /cvs/src/usr.sbin/gpioctl/gpioctl.c,v
> retrieving revision 1.17
> diff -u -p -u -r1.17 gpioctl.c
> --- usr.sbin/gpioctl/gpioctl.c26 Dec 2015 20:52:03 -  1.17
> +++ usr.sbin/gpioctl/gpioctl.c2 Dec 2019 18:51:04 -
> @@ -101,6 +101,11 @@ main(int argc, char *argv[])
>   if ((devfd = open(dev, O_RDWR)) == -1)
>   err(1, "%s", dev);
>  
> + if (unveil("/", "") == -1)
> + err(1, "unveil");
> + if (unveil(NULL, NULL) == -1)
> + err(1, "unveil");
> +
>   if (argc == 1) {
>   getinfo();
>   return 0;
>

unveil radioctl/fdformat/gpioctl

2019-12-02 Thread Ricardo Mestre

Hi tech@

radioctl/fdformat/gpioctl need to open the device and then all operations go
through ioctls forbidden by pledge but no further filesystem access is needed
so it can be disallowed right afterwards.

CAVEAT: The sources for these applications are simple enough to follow, but
unfortunately I don't have any of these devices to actually test them, so take
this with a really tiny pinch of salt.

Comments, OK?

/mestre

Index: usr.bin/radioctl/radioctl.c
===
RCS file: /cvs/src/usr.bin/radioctl/radioctl.c,v
retrieving revision 1.20
diff -u -p -u -r1.20 radioctl.c
--- usr.bin/radioctl/radioctl.c 28 Jun 2019 13:35:03 -  1.20
+++ usr.bin/radioctl/radioctl.c 2 Dec 2019 18:51:03 -
@@ -186,6 +186,11 @@ main(int argc, char **argv)
if (rd == -1)
err(1, "%s open error", radiodev);
 
+   if (unveil("/", "") == -1)
+   err(1, "unveil");
+   if (unveil(NULL, NULL) == -1)
+   err(1, "unveil");
+
if (ioctl(rd, RIOCGINFO, &ri) == -1)
err(1, "RIOCGINFO");
 
Index: usr.sbin/fdformat/fdformat.c
===
RCS file: /cvs/src/usr.sbin/fdformat/fdformat.c,v
retrieving revision 1.24
diff -u -p -u -r1.24 fdformat.c
--- usr.sbin/fdformat/fdformat.c28 Jun 2019 13:32:47 -  1.24
+++ usr.sbin/fdformat/fdformat.c2 Dec 2019 18:51:04 -
@@ -246,6 +246,11 @@ main(int argc, char *argv[])
if ((fd = opendev(argv[optind], O_RDWR, OPENDEV_PART, &devname)) == -1)
err(1, "%s", devname);
 
+   if (unveil("/", "") == -1)
+   err(1, "unveil");
+   if (unveil(NULL, NULL) == -1)
+   err(1, "unveil");
+
if (ioctl(fd, FD_GTYPE, &fdt) == -1)
errx(1, "not a floppy disk: %s", devname);
 
Index: usr.sbin/gpioctl/gpioctl.c
===
RCS file: /cvs/src/usr.sbin/gpioctl/gpioctl.c,v
retrieving revision 1.17
diff -u -p -u -r1.17 gpioctl.c
--- usr.sbin/gpioctl/gpioctl.c  26 Dec 2015 20:52:03 -  1.17
+++ usr.sbin/gpioctl/gpioctl.c  2 Dec 2019 18:51:04 -
@@ -101,6 +101,11 @@ main(int argc, char *argv[])
if ((devfd = open(dev, O_RDWR)) == -1)
err(1, "%s", dev);
 
+   if (unveil("/", "") == -1)
+   err(1, "unveil");
+   if (unveil(NULL, NULL) == -1)
+   err(1, "unveil");
+
if (argc == 1) {
getinfo();
return 0;

Re: unveil radioctl/fdformat/gpioctl

Re: unveil radioctl/fdformat/gpioctl

unveil radioctl/fdformat/gpioctl

3 matches

Site Navigation

Mail list logo

Footer information