For those who are curious, this is the tame diff which is currently
in snapshots.  Yes, we are asking for testing and feedback.

Index: bin/cat/cat.c
===================================================================
RCS file: /cvs/src/bin/cat/cat.c,v
retrieving revision 1.21
diff -u -p -u -r1.21 cat.c
--- bin/cat/cat.c       16 Jan 2015 06:39:28 -0000      1.21
+++ bin/cat/cat.c       28 Sep 2015 20:15:11 -0000
@@ -66,6 +66,9 @@ main(int argc, char *argv[])
 
        setlocale(LC_ALL, "");
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        while ((ch = getopt(argc, argv, "benstuv")) != -1)
                switch (ch) {
                case 'b':
Index: bin/chmod/chmod.c
===================================================================
RCS file: /cvs/src/bin/chmod/chmod.c,v
retrieving revision 1.34
diff -u -p -u -r1.34 chmod.c
--- bin/chmod/chmod.c   25 Jun 2015 02:04:08 -0000      1.34
+++ bin/chmod/chmod.c   28 Sep 2015 20:15:11 -0000
@@ -153,6 +153,9 @@ done:
                atflags = 0;
 
        if (ischflags) {
+               if (tame("stdio rpath wpath fattr", NULL) == -1)
+                       err(1, "tame");
+
                flags = *argv;
                if (*flags >= '0' && *flags <= '7') {
                        errno = 0;
Index: bin/dd/dd.c
===================================================================
RCS file: /cvs/src/bin/dd/dd.c,v
retrieving revision 1.21
diff -u -p -u -r1.21 dd.c
--- bin/dd/dd.c 16 Jan 2015 06:39:31 -0000      1.21
+++ bin/dd/dd.c 28 Sep 2015 20:15:11 -0000
@@ -149,6 +149,9 @@ setup(void)
        if (out.offset)
                pos_out();
 
+       if (tame("stdio", NULL) == -1)
+               err(1, "tame");
+
        /*
         * Truncate the output file; ignore errors because it fails on some
         * kinds of output files, tapes, for example.
Index: bin/df/df.c
===================================================================
RCS file: /cvs/src/bin/df/df.c,v
retrieving revision 1.52
diff -u -p -u -r1.52 df.c
--- bin/df/df.c 16 Jan 2015 06:39:31 -0000      1.52
+++ bin/df/df.c 28 Sep 2015 20:15:11 -0000
@@ -79,6 +79,10 @@ main(int argc, char *argv[])
        int width, maxwidth;
        char *mntpt;
 
+//     XXX what about statfs?
+//     if (tame("stdio rpath", NULL) == -1)
+//             err(1, "tame");
+
        while ((ch = getopt(argc, argv, "hiklnPt:")) != -1)
                switch (ch) {
                case 'h':
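Review bot: The three lines added at the top of main() are disabled code in `//` comments, so df stays unconfined while the diff reads as if it were covered. Keep the open question but drop the dead call, for example a single `/* XXX no tame() yet: what about statfs? */`, and add the real `tame()` once that is settled. main() continues outside the hunk.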
Index: bin/echo/echo.c
===================================================================
RCS file: /cvs/src/bin/echo/echo.c,v
retrieving revision 1.8
diff -u -p -u -r1.8 echo.c
--- bin/echo/echo.c     14 Dec 2014 16:55:59 -0000      1.8
+++ bin/echo/echo.c     28 Sep 2015 20:15:11 -0000
@@ -32,12 +32,17 @@
 
 #include <stdio.h>
 #include <string.h>
+#include <unistd.h>
+#include <err.h>
 
 /* ARGSUSED */
 int
 main(int argc, char *argv[])
 {
        int nflag;
+
+       if (tame("stdio", NULL) == -1)
+               err(1, "tame");
 
        /* This utility may NOT do getopt(3) option parsing. */
        if (*++argv && !strcmp(*argv, "-n")) {
Index: bin/expr/expr.c
===================================================================
RCS file: /cvs/src/bin/expr/expr.c,v
retrieving revision 1.20
diff -u -p -u -r1.20 expr.c
--- bin/expr/expr.c     11 Aug 2015 17:15:46 -0000      1.20
+++ bin/expr/expr.c     28 Sep 2015 20:15:11 -0000
@@ -12,6 +12,7 @@
 #include <limits.h>
 #include <locale.h>
 #include <ctype.h>
+#include <unistd.h>
 #include <regex.h>
 #include <err.h>
 
@@ -499,6 +500,9 @@ main(int argc, char *argv[])
        struct val     *vp;
 
        (void) setlocale(LC_ALL, "");
+
+       if (tame("stdio", NULL) == -1)
+               err(1, "tame");
 
        if (argc > 1 && !strcmp(argv[1], "--"))
                argv++;
Index: bin/ls/ls.c
===================================================================
RCS file: /cvs/src/bin/ls/ls.c,v
retrieving revision 1.41
diff -u -p -u -r1.41 ls.c
--- bin/ls/ls.c 25 Jun 2015 02:04:07 -0000      1.41
+++ bin/ls/ls.c 28 Sep 2015 20:15:11 -0000
@@ -123,6 +123,9 @@ ls_main(int argc, char *argv[])
                        termwidth = width;
        }
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        /* Root is -A automatically. */
        if (!getuid())
                f_listdot = 1;
Index: bin/md5/md5.c
===================================================================
RCS file: /cvs/src/bin/md5/md5.c,v
retrieving revision 1.79
diff -u -p -u -r1.79 md5.c
--- bin/md5/md5.c       19 Jan 2015 16:43:28 -0000      1.79
+++ bin/md5/md5.c       28 Sep 2015 20:15:11 -0000
@@ -200,6 +200,9 @@ main(int argc, char **argv)
        int fl, error, base64, i;
        int bflag, cflag, pflag, rflag, tflag, xflag;
 
+       if (tame("stdio cpath rpath wpath", NULL) == -1)
+               err(1, "tame");
+
        TAILQ_INIT(&hl);
        input_string = NULL;
        selective_checklist = NULL;
@@ -308,8 +311,11 @@ main(int argc, char **argv)
        argc -= optind;
        argv += optind;
 
-       if (ofile == NULL)
+       if (ofile == NULL) {
                ofile = stdout;
+       }
+       if (tame("stdio rpath", NULL) != 0)
+               err(1, "tame");
 
        /* Most arguments are mutually exclusive */
        fl = pflag + (tflag ? 1 : 0) + xflag + cflag + (input_string != NULL);
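Review bot: The tame() call added after the `ofile` default tests its result with `!= 0`, while the call at the top of main() in the previous hunk, and most of this diff, use `== -1`; one form throughout makes the calls easier to grep and audit together. The same `!= 0` variant appears in the ping6.c, column.c, csplit.c, deroff.c and fmt.c hunks. The braces added around `ofile = stdout;` are unrelated to the confinement change and could be left out, keeping the original two-line `if` and following it with `if (tame("stdio rpath", NULL) == -1)`.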
Index: bin/mkdir/mkdir.c
===================================================================
RCS file: /cvs/src/bin/mkdir/mkdir.c,v
retrieving revision 1.25
diff -u -p -u -r1.25 mkdir.c
--- bin/mkdir/mkdir.c   2 Apr 2013 20:26:17 -0000       1.25
+++ bin/mkdir/mkdir.c   28 Sep 2015 20:15:11 -0000
@@ -55,6 +55,9 @@ main(int argc, char *argv[])
 
        setlocale(LC_ALL, "");
 
+       if (tame("stdio cpath rpath wpath fattr", NULL) == -1)
+               err(1, "tame");
+
        /*
         * The default file mode is a=rwx (0777) with selected permissions
         * removed in accordance with the file mode creation mask.  For
Index: bin/pax/pax.c
===================================================================
RCS file: /cvs/src/bin/pax/pax.c,v
retrieving revision 1.41
diff -u -p -u -r1.41 pax.c
--- bin/pax/pax.c       9 Mar 2015 04:23:29 -0000       1.41
+++ bin/pax/pax.c       28 Sep 2015 20:15:11 -0000
@@ -256,6 +256,12 @@ main(int argc, char **argv)
        if ((gen_init() < 0) || (tty_init() < 0))
                return(exit_val);
 
+       if (pmode == 0 && gzip_program == NULL) {
+               if (tame("stdio getpw ioctl proc cpath wpath rpath fattr",
+                   NULL) == -1)
+                       err(1, "tame");
+       }
+
        /*
         * select a primary operation mode
         */
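Review bot: The condition `pmode == 0 && gzip_program == NULL` decides whether pax is confined at all, and the hunk gives no reason for either test, so a reader cannot tell which invocations run without tame. A comment above the block should state why the two cases are excluded, for instance `/* XXX not tamed when pmode is set or a compression program is used: <reason> */`, with the reason filled in by the author. main() continues outside the hunk.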
Index: bin/pwd/pwd.c
===================================================================
RCS file: /cvs/src/bin/pwd/pwd.c,v
retrieving revision 1.12
diff -u -p -u -r1.12 pwd.c
--- bin/pwd/pwd.c       28 May 2014 06:55:58 -0000      1.12
+++ bin/pwd/pwd.c       28 Sep 2015 20:15:11 -0000
@@ -47,6 +47,9 @@ main(int argc, char *argv[])
        int ch, lFlag = 0;
        const char *p;
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        while ((ch = getopt(argc, argv, "LP")) != -1) {
                switch (ch) {
                case 'L':
Index: bin/sleep/sleep.c
===================================================================
RCS file: /cvs/src/bin/sleep/sleep.c,v
retrieving revision 1.21
diff -u -p -u -r1.21 sleep.c
--- bin/sleep/sleep.c   22 Sep 2015 15:37:06 -0000      1.21
+++ bin/sleep/sleep.c   1 Oct 2015 11:35:32 -0000
@@ -37,6 +37,7 @@
 #include <stdlib.h>
 #include <time.h>
 #include <unistd.h>
+#include <err.h>
 
 extern char *__progname;
 
@@ -52,6 +53,9 @@ main(int argc, char *argv[])
        long nsecs = 0;
        struct timespec rqtp;
        int i;
+
+       if (tame("stdio", NULL) == -1)
+               err(1, "tame");
 
        signal(SIGALRM, alarmh);
 
Index: bin/test/test.c
===================================================================
RCS file: /cvs/src/bin/test/test.c,v
retrieving revision 1.13
diff -u -p -u -r1.13 test.c
--- bin/test/test.c     2 Dec 2014 18:32:05 -0000       1.13
+++ bin/test/test.c     28 Sep 2015 20:15:11 -0000
@@ -158,6 +158,9 @@ main(int argc, char *argv[])
        extern char *__progname;
        int     res;
 
+       if (tame("rpath malloc", NULL) == -1)
+               err(1, "tame");
+
        if (strcmp(__progname, "[") == 0) {
                if (strcmp(argv[--argc], "]"))
                        errx(2, "missing ]");
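Review bot: The request string `"rpath malloc"` is the only one in this diff without `stdio`, yet the statements right after it can call `errx(2, "missing ]")`, which has to write to stderr. The page does not show the request definitions, but if `malloc` does not also permit write(2), the error path would presumably hit a tame violation instead of printing the message. Unless that has been verified, `if (tame("stdio rpath", NULL) == -1)` would match the other file-reading utilities in the diff. main() continues past the hunk.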
Index: sbin/dmesg/dmesg.c
===================================================================
RCS file: /cvs/src/sbin/dmesg/dmesg.c,v
retrieving revision 1.25
diff -u -p -u -r1.25 dmesg.c
--- sbin/dmesg/dmesg.c  16 Jan 2015 06:39:57 -0000      1.25
+++ sbin/dmesg/dmesg.c  28 Sep 2015 20:15:11 -0000
@@ -108,6 +108,9 @@ main(int argc, char *argv[])
                if (sysctl(mib, 2, bufdata, &len, NULL, 0))
                        err(1, "sysctl: KERN_MSGBUF");
 
+               if (tame("stdio", NULL) == -1)
+                       err(1, "tame");
+
                memcpy(&cur, bufdata, sizeof(cur));
                bufdata = ((struct msgbuf *)bufdata)->msg_bufc;
        } else {
Index: sbin/ping/ping.c
===================================================================
RCS file: /cvs/src/sbin/ping/ping.c,v
retrieving revision 1.125
diff -u -p -u -r1.125 ping.c
--- sbin/ping/ping.c    3 Sep 2015 17:59:54 -0000       1.125
+++ sbin/ping/ping.c    28 Sep 2015 20:15:11 -0000
@@ -501,6 +501,14 @@ main(int argc, char *argv[])
        else
                (void)printf("PING %s: %d data bytes\n", hostname, datalen);
 
+       if (options & F_NUMERIC) {
+               if (tame("stdio inet", NULL) == -1)
+                       err(1, "tame");
+       } else {
+               if (tame("stdio inet dns", NULL) == -1)
+                       err(1, "tame");
+       }
+
        (void)signal(SIGINT, finish);
        (void)signal(SIGALRM, catcher);
        (void)signal(SIGINFO, prtsig);
Index: sbin/ping6/ping6.c
===================================================================
RCS file: /cvs/src/sbin/ping6/ping6.c,v
retrieving revision 1.117
diff -u -p -u -r1.117 ping6.c
--- sbin/ping6/ping6.c  30 Sep 2015 12:21:46 -0000      1.117
+++ sbin/ping6/ping6.c  30 Sep 2015 12:21:54 -0000
@@ -746,6 +746,14 @@ main(int argc, char *argv[])
            (socklen_t)sizeof(optval)) < 0)
                warn("setsockopt(IPV6_RECVHOPLIMIT)"); /* XXX err? */
 
+       if (options & F_HOSTNAME) {
+               if (tame("stdio inet dns", NULL) == -1)
+                       err(1, "tame");
+       } else {
+               if (tame("stdio inet", NULL) != 0)
+                       err(1, "tame");
+       }
+
        arc4random_buf(&tv64_offset, sizeof(tv64_offset));
        arc4random_buf(&mac_key, sizeof(mac_key));
 
Index: usr.bin/arch/arch.c
===================================================================
RCS file: /cvs/src/usr.bin/arch/arch.c,v
retrieving revision 1.16
diff -u -p -u -r1.16 arch.c
--- usr.bin/arch/arch.c 25 Sep 2015 16:19:26 -0000      1.16
+++ usr.bin/arch/arch.c 28 Sep 2015 20:15:11 -0000
@@ -30,6 +30,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <err.h>
 
 static void __dead usage(void);
 
@@ -43,6 +44,9 @@ main(int argc, char *argv[])
        char *arch, *opts;
 
        setlocale(LC_ALL, "");
+
+       if (tame("stdio", NULL) == -1)
+               err(1, "tame");
 
        machine = strcmp(__progname, "machine") == 0;
        if (machine) {
Index: usr.bin/banner/banner.c
===================================================================
RCS file: /cvs/src/usr.bin/banner/banner.c,v
retrieving revision 1.9
diff -u -p -u -r1.9 banner.c
--- usr.bin/banner/banner.c     27 Oct 2009 23:59:35 -0000      1.9
+++ usr.bin/banner/banner.c     28 Sep 2015 20:15:11 -0000
@@ -53,6 +53,7 @@
 #include <unistd.h>
 #include <stdlib.h>
 #include <string.h>
+#include <err.h>
 
 #include "banner.h"
 
@@ -152,6 +153,8 @@ main(int argc, char *argv[])
 {
        char word[10+1];                        /* strings limited to 10 chars 
*/
        
+       if (tame("stdio", NULL) == -1)
+               err(1, "tame");
        while (*++argv) {
                (void)strlcpy(word, *argv, sizeof (word));
                scan_out(1, word, '\0');
Index: usr.bin/basename/basename.c
===================================================================
RCS file: /cvs/src/usr.bin/basename/basename.c,v
retrieving revision 1.9
diff -u -p -u -r1.9 basename.c
--- usr.bin/basename/basename.c 27 Oct 2009 23:59:36 -0000      1.9
+++ usr.bin/basename/basename.c 28 Sep 2015 20:15:11 -0000
@@ -48,6 +48,9 @@ main(int argc, char *argv[])
 
        setlocale(LC_ALL, "");
 
+       if (tame("stdio", NULL) == -1)
+               err(1, "tame");
+
        while ((ch = getopt(argc, argv, "")) != -1) {
                switch (ch) {
                default:
Index: usr.bin/cal/cal.c
===================================================================
RCS file: /cvs/src/usr.bin/cal/cal.c,v
retrieving revision 1.28
diff -u -p -u -r1.28 cal.c
--- usr.bin/cal/cal.c   17 Mar 2015 19:31:30 -0000      1.28
+++ usr.bin/cal/cal.c   28 Sep 2015 20:15:11 -0000
@@ -150,6 +150,9 @@ main(int argc, char *argv[])
        int ch, month, year, yflag;
        const char *errstr;
 
+       if (tame("stdio", NULL) == -1)
+               err(1, "tame");
+
        yflag = year = 0;
        while ((ch = getopt(argc, argv, "jmwy")) != -1)
                switch(ch) {
Index: usr.bin/col/col.c
===================================================================
RCS file: /cvs/src/usr.bin/col/col.c,v
retrieving revision 1.17
diff -u -p -u -r1.17 col.c
--- usr.bin/col/col.c   9 May 2015 20:36:18 -0000       1.17
+++ usr.bin/col/col.c   28 Sep 2015 20:15:11 -0000
@@ -113,6 +113,9 @@ main(int argc, char *argv[])
        int adjust, opt, warned;
        const char *errstr;
 
+       if (tame("stdio", NULL) == -1)
+               err(1, "tame");
+
        max_bufd_lines = 256;
        compress_spaces = 1;            /* compress spaces into tabs */
        while ((opt = getopt(argc, argv, "bfhl:x")) != -1)
Index: usr.bin/colrm/colrm.c
===================================================================
RCS file: /cvs/src/usr.bin/colrm/colrm.c,v
retrieving revision 1.9
diff -u -p -u -r1.9 colrm.c
--- usr.bin/colrm/colrm.c       27 Oct 2009 23:59:36 -0000      1.9
+++ usr.bin/colrm/colrm.c       28 Sep 2015 20:15:11 -0000
@@ -52,6 +52,9 @@ main(int argc, char *argv[])
        int ch;
        char *p;
 
+       if (tame("stdio", NULL) == -1)
+               err(1, "tame");
+
        while ((ch = getopt(argc, argv, "")) != -1)
                switch(ch) {
                case '?':
Index: usr.bin/column/column.c
===================================================================
RCS file: /cvs/src/usr.bin/column/column.c,v
retrieving revision 1.19
diff -u -p -u -r1.19 column.c
--- usr.bin/column/column.c     22 May 2014 19:50:34 -0000      1.19
+++ usr.bin/column/column.c     28 Sep 2015 20:15:11 -0000
@@ -67,6 +67,9 @@ main(int argc, char *argv[])
        char *p;
        const char *errstr;
 
+       if (tame("stdio rpath ioctl", NULL) == -1)
+               err(1, "tame");
+
        if (ioctl(1, TIOCGWINSZ, &win) == -1 || !win.ws_col) {
                if ((p = getenv("COLUMNS")) && *p != '\0') {
                        termwidth = strtonum(p, 1, INT_MAX, &errstr);
@@ -100,16 +103,23 @@ main(int argc, char *argv[])
        argc -= optind;
        argv += optind;
 
-       if (!*argv)
+       if (!*argv) {
                input(stdin);
-       else for (; *argv; ++argv)
-               if ((fp = fopen(*argv, "r"))) {
-                       input(fp);
-                       (void)fclose(fp);
-               } else {
-                       warn("%s", *argv);
-                       eval = 1;
+               if (tame("stdio", NULL) != 0)
+                       err(1, "tame");
+       } else {
+               if (tame("stdio rpath", NULL) != 0)
+                       err(1, "tame");
+               for (; *argv; ++argv) {
+                       if ((fp = fopen(*argv, "r"))) {
+                               input(fp);
+                               (void)fclose(fp);
+                       } else {
+                               warn("%s", *argv);
+                               eval = 1;
+                       }
                }
+       }
 
        if (!entries)
                exit(eval);
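Review bot: In the `!*argv` branch the narrowing to `stdio` comes after `input(stdin)`, so standard input is read while the process still holds the `rpath` and `ioctl` requests from the top of main(), and the reduced set only covers what follows. Moving the call ahead of the read gives the confinement its intended effect: `if (tame("stdio", NULL) == -1)` / `err(1, "tame");` placed immediately before `input(stdin);`. The else branch already has the right order, taming before the fopen() loop.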
Index: usr.bin/comm/comm.c
===================================================================
RCS file: /cvs/src/usr.bin/comm/comm.c,v
retrieving revision 1.8
diff -u -p -u -r1.8 comm.c
--- usr.bin/comm/comm.c 27 Oct 2009 23:59:37 -0000      1.8
+++ usr.bin/comm/comm.c 28 Sep 2015 20:15:11 -0000
@@ -61,6 +61,9 @@ main(int argc, char *argv[])
 
        setlocale(LC_ALL, "");
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        flag1 = flag2 = flag3 = 1;
        compare = strcoll;
        while ((ch = getopt(argc, argv, "123f")) != -1)
Index: usr.bin/compress/main.c
===================================================================
RCS file: /cvs/src/usr.bin/compress/main.c,v
retrieving revision 1.86
diff -u -p -u -r1.86 main.c
--- usr.bin/compress/main.c     30 Aug 2015 21:06:24 -0000      1.86
+++ usr.bin/compress/main.c     28 Sep 2015 20:15:11 -0000
@@ -167,6 +167,9 @@ main(int argc, char *argv[])
        char outfile[PATH_MAX], _infile[PATH_MAX], suffix[16];
        int bits, ch, error, rc, cflag, oflag;
 
+       if (tame("stdio wpath cpath fattr", NULL) == -1)
+               err(1, "tame");
+
        bits = cflag = oflag = 0;
        storename = -1;
        p = __progname;
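Review bot: The request list at the top of main() has `wpath cpath fattr` but no `rpath`, which stands out because main() declares an `_infile[PATH_MAX]` buffer, suggesting named input files are opened later. If a read-only open needs `rpath` under tame, as the cat, ls and cut hunks suggest, handling a named file would fail after this change. Either add it, `if (tame("stdio rpath wpath cpath fattr", NULL) == -1)`, or add a comment saying why it is not needed. The rest of main() is outside the hunk, so this is inferred from the declarations only.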
Index: usr.bin/csplit/csplit.c
===================================================================
RCS file: /cvs/src/usr.bin/csplit/csplit.c,v
retrieving revision 1.5
diff -u -p -u -r1.5 csplit.c
--- usr.bin/csplit/csplit.c     20 May 2014 01:25:23 -0000      1.5
+++ usr.bin/csplit/csplit.c     28 Sep 2015 20:15:11 -0000
@@ -103,6 +103,9 @@ main(int argc, char *argv[])
 
        setlocale(LC_ALL, "");
 
+       if (tame("stdio rpath wpath cpath", NULL) == -1)
+               err(1, "tame");
+
        kflag = sflag = 0;
        prefix = "xx";
        sufflen = 2;
@@ -140,6 +143,8 @@ main(int argc, char *argv[])
        if (strcmp(infn, "-") == 0) {
                infile = stdin;
                infn = "stdin";
+               if (tame("stdio wpath cpath", NULL) != 0)
+                       err(1, "tame");
        } else if ((infile = fopen(infn, "r")) == NULL)
                err(1, "%s", infn);
 
Index: usr.bin/cut/cut.c
===================================================================
RCS file: /cvs/src/usr.bin/cut/cut.c,v
retrieving revision 1.19
diff -u -p -u -r1.19 cut.c
--- usr.bin/cut/cut.c   18 Aug 2015 17:10:48 -0000      1.19
+++ usr.bin/cut/cut.c   28 Sep 2015 20:15:11 -0000
@@ -63,6 +63,9 @@ main(int argc, char *argv[])
 
        setlocale (LC_ALL, "");
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        dchar = '\t';                   /* default delimiter is \t */
 
        /* Since we don't support multi-byte characters, the -c and -b 
Index: usr.bin/dc/dc.c
===================================================================
RCS file: /cvs/src/usr.bin/dc/dc.c,v
retrieving revision 1.13
diff -u -p -u -r1.13 dc.c
--- usr.bin/dc/dc.c     26 Nov 2014 18:34:51 -0000      1.13
+++ usr.bin/dc/dc.c     28 Sep 2015 20:15:11 -0000
@@ -47,6 +47,8 @@ main(int argc, char *argv[])
        char            *buf, *p;
        struct stat     st;
 
+       if (tame("stdio", NULL) == -1)
+               err(1, "tame");
 
        if ((buf = strdup("")) == NULL)
                err(1, NULL);
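Review bot: Only `stdio` is requested at the very top of main(), before any argument handling, although main() declares a `struct stat st`, which suggests a file operand is examined and opened later in the body outside this hunk. If so, that open would need `rpath`, as in the column.c and fmt.c hunks, which start from `stdio rpath` and narrow to `stdio` only on the stdin path. Worth confirming by running dc with a file operand before this goes in.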
Index: usr.bin/deroff/deroff.c
===================================================================
RCS file: /cvs/src/usr.bin/deroff/deroff.c,v
retrieving revision 1.11
diff -u -p -u -r1.11 deroff.c
--- usr.bin/deroff/deroff.c     9 Feb 2015 11:39:17 -0000       1.11
+++ usr.bin/deroff/deroff.c     28 Sep 2015 20:15:11 -0000
@@ -260,6 +260,9 @@ main(int ac, char **av)
        int     errflg = 0;
        int     kflag = NO;
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        iflag = NO;
        wordflag = NO;
        msflag = NO;
@@ -331,6 +334,8 @@ main(int ac, char **av)
 #endif /* DEBUG */
        if (argc == 0) {
                infile = stdin;
+               if (tame("stdio", NULL) != 0)
+                       err(1, "tame");
        } else {
                infile = opn(argv[0]);
                --argc;
Index: usr.bin/diff/diff.c
===================================================================
RCS file: /cvs/src/usr.bin/diff/diff.c,v
retrieving revision 1.59
diff -u -p -u -r1.59 diff.c
--- usr.bin/diff/diff.c 29 Apr 2015 04:00:25 -0000      1.59
+++ usr.bin/diff/diff.c 28 Sep 2015 20:15:11 -0000
@@ -217,6 +217,10 @@ main(int argc, char **argv)
        argc -= optind;
        argv += optind;
 
+       if (lflag == 0) {
+               if (tame("stdio wpath rpath tmppath", NULL) == -1)
+                       err(1, "tame");
+       }
        /*
         * Do sanity checks, fill in stb1 and stb2 and call the appropriate
         * driver routine.  Both drivers use the contents of stb1 and stb2.
Index: usr.bin/diff3/diff3prog.c
===================================================================
RCS file: /cvs/src/usr.bin/diff3/diff3prog.c,v
retrieving revision 1.15
diff -u -p -u -r1.15 diff3prog.c
--- usr.bin/diff3/diff3prog.c   5 Sep 2015 09:47:08 -0000       1.15
+++ usr.bin/diff3/diff3prog.c   28 Sep 2015 20:15:11 -0000
@@ -145,6 +145,9 @@ main(int argc, char **argv)
 {
        int ch, i, m, n;
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        eflag = 0;
        oflag = 0;
        while ((ch = getopt(argc, argv, "EeXx3")) != -1) {
Index: usr.bin/dirname/dirname.c
===================================================================
RCS file: /cvs/src/usr.bin/dirname/dirname.c,v
retrieving revision 1.13
diff -u -p -u -r1.13 dirname.c
--- usr.bin/dirname/dirname.c   10 Aug 2010 22:05:36 -0000      1.13
+++ usr.bin/dirname/dirname.c   28 Sep 2015 20:15:11 -0000
@@ -33,6 +33,9 @@ main(int argc, char *argv[])
 
        setlocale(LC_ALL, "");
 
+       if (tame("stdio", NULL) == -1)
+               err(1, "tame");
+
        while ((ch = getopt(argc, argv, "")) != -1) {
                switch (ch) {
                default:
Index: usr.bin/expand/expand.c
===================================================================
RCS file: /cvs/src/usr.bin/expand/expand.c,v
retrieving revision 1.12
diff -u -p -u -r1.12 expand.c
--- usr.bin/expand/expand.c     26 Nov 2013 13:18:55 -0000      1.12
+++ usr.bin/expand/expand.c     28 Sep 2015 20:15:11 -0000
@@ -51,6 +51,9 @@ main(int argc, char *argv[])
        int c, column;
        int n;
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        /* handle obsolete syntax */
        while (argc > 1 && argv[1][0] == '-' &&
            isdigit((unsigned char)argv[1][1])) {
Index: usr.bin/fgen/fgen.l
===================================================================
RCS file: /cvs/src/usr.bin/fgen/fgen.l,v
retrieving revision 1.10
diff -u -p -u -r1.10 fgen.l
--- usr.bin/fgen/fgen.l 30 Dec 2013 21:52:21 -0000      1.10
+++ usr.bin/fgen/fgen.l 28 Sep 2015 20:15:11 -0000
@@ -960,6 +960,9 @@ main(argc, argv)
        char *hdrtype = "version1";
        int i;
 
+       if (tame("stdio rpath wpath cpath", NULL) == -1)
+               err(1, "tame");
+
        outf = 1; /* stdout */
        myname = argv[0];
 
Index: usr.bin/file/Makefile
===================================================================
RCS file: /cvs/src/usr.bin/file/Makefile,v
retrieving revision 1.15
diff -u -p -u -r1.15 Makefile
--- usr.bin/file/Makefile       27 Apr 2015 13:52:17 -0000      1.15
+++ usr.bin/file/Makefile       28 Sep 2015 20:15:11 -0000
@@ -1,7 +1,7 @@
 # $OpenBSD: Makefile,v 1.15 2015/04/27 13:52:17 nicm Exp $
 
 PROG=   file
-SRCS=   file.c magic-dump.c magic-load.c magic-test.c magic-common.c sandbox.c 
\
+SRCS=   file.c magic-dump.c magic-load.c magic-test.c magic-common.c \
        text.c xmalloc.c
 MAN=   file.1 magic.5
 
Index: usr.bin/file/file.c
===================================================================
RCS file: /cvs/src/usr.bin/file/file.c,v
retrieving revision 1.47
diff -u -p -u -r1.47 file.c
--- usr.bin/file/file.c 12 Jul 2015 09:51:25 -0000      1.47
+++ usr.bin/file/file.c 28 Sep 2015 20:15:11 -0000
@@ -115,7 +115,7 @@ usage(void)
 int
 main(int argc, char **argv)
 {
-       int                      opt, pair[2], fd, idx;
+       int                      opt, pair[2], fd, idx, mode;
        char                    *home;
        struct passwd           *pw;
        struct imsgbuf           ibuf;
@@ -191,8 +191,10 @@ main(int argc, char **argv)
        parent = getpid();
        if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pair) != 0)
                err(1, "socketpair");
-       pid = sandbox_fork(FILE_USER);
-       if (pid == 0) {
+       switch (pid = fork()) {
+       case -1:
+               err(1, "fork");
+       case 0:
                close(pair[0]);
                child(pair[1], parent, argc, argv);
        }
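Review bot: In the new `switch (pid = fork())`, `case -1` and `case 0` both depend on a callee that never returns (err(), and child(), which a later hunk shows as `__dead`), so the cases read as if they fall through into each other and into the parent code. Mark that explicitly with `/* NOTREACHED */` after `err(1, "fork");` and after `child(pair[1], parent, argc, argv);`, or add `default: break;` so the parent path is visible. No behaviour change is proposed.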
@@ -219,10 +221,21 @@ main(int argc, char **argv)
                        fd = -1;
                        msg.error = errno;
                } else {
-                       fd = open(argv[idx], O_RDONLY|O_NONBLOCK);
-                       if (fd == -1 && (errno == ENFILE || errno == EMFILE))
-                               err(1, "open");
-                       if (S_ISLNK(msg.sb.st_mode))
+                       /*
+                        * tame(2) doesn't let us pass directory file
+                        * descriptors around but we don't need them, so don't
+                        * open directories or symlinks (which could be to
+                        * directories).
+                        */
+                       mode = msg.sb.st_mode;
+                       if (!S_ISDIR(mode) && !S_ISLNK(mode)) {
+                               fd = open(argv[idx], O_RDONLY|O_NONBLOCK);
+                               if (fd == -1 &&
+                                   (errno == ENFILE || errno == EMFILE))
+                                       err(1, "open");
+                       } else
+                               fd = -1;
+                       if (S_ISLNK(mode))
                                read_link(&msg, argv[idx]);
                }
                send_message(&ibuf, &msg, sizeof msg, fd);
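Review bot: The check that keeps directories and symlinks from being opened uses `msg.sb.st_mode`, which is filled in before this hunk, and the file is then opened by path, so what `open()` returns is not necessarily the object that was stat'ed. Since the comment says directory descriptors cannot be passed under tame(2), re-check the descriptor with fstat() before `send_message()` and fall back to `fd = -1` when it turns out to be a directory. `mode` would also be better declared `mode_t` than `int`, matching `st_mode`. The sketch below assumes a local `struct stat sb` in main(); the enclosing loop starts and ends outside the hunk.

```c
			if (!S_ISDIR(mode) && !S_ISLNK(mode)) {
				fd = open(argv[idx], O_RDONLY|O_NONBLOCK);
				/* ... unchanged: ENFILE/EMFILE check ... */
				/* verify the opened object, not the path */
				if (fd != -1 && (fstat(fd, &sb) == -1 ||
				    S_ISDIR(sb.st_mode))) {
					close(fd);
					fd = -1;
				}
			} else
				fd = -1;
```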
@@ -327,6 +340,7 @@ read_link(struct input_msg *msg, const c
 static __dead void
 child(int fd, pid_t parent, int argc, char **argv)
 {
+       struct passwd           *pw;
        struct magic            *m;
        struct imsgbuf           ibuf;
        struct imsg              imsg;
@@ -335,6 +349,24 @@ child(int fd, pid_t parent, int argc, ch
        struct input_file        inf;
        int                      i, idx;
        size_t                   len, width = 0;
+
+       if (tame("stdio cmsg getpw proc", NULL) == -1)
+               err(1, "tame");
+
+       if (geteuid() == 0) {
+               pw = getpwnam(FILE_USER);
+               if (pw == NULL)
+                       errx(1, "unknown user %s", FILE_USER);
+               if (setgroups(1, &pw->pw_gid) != 0)
+                       err(1, "setgroups");
+               if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0)
+                       err(1, "setresgid");
+               if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0)
+                       err(1, "setresuid");
+       }
+
+       if (tame("stdio cmsg", NULL) == -1)
+               err(1, "tame");
 
        m = magic_load(magicfp, magicpath, cflag || Wflag);
        if (cflag) {
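Review bot: The two tame() calls in child() bracket the privilege drop, but nothing says which of the extra requests in the first call each step depends on, so the list is hard to audit. A short comment above the first call would help, for example `/* getpw for getpwnam(); proc presumably for setgroups/setresgid/setresuid; both dropped again below */`, with the `proc` part confirmed against the tame request definitions. child() starts in the previous hunk and continues past this one.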
Index: usr.bin/file/sandbox.c
===================================================================
RCS file: /cvs/src/usr.bin/file/sandbox.c,v
retrieving revision 1.9
diff -u -p -u -r1.9 sandbox.c
--- usr.bin/file/sandbox.c      23 Aug 2015 18:31:41 -0000      1.9
+++ usr.bin/file/sandbox.c      28 Sep 2015 20:15:11 -0000
@@ -1,158 +0,0 @@
-/* $OpenBSD: sandbox.c,v 1.9 2015/08/23 18:31:41 guenther Exp $ */
-
-/*
- * Copyright (c) 2015 Nicholas Marriott <n...@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
- * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <sys/types.h>
-#include <sys/ioctl.h>
-#include <sys/syscall.h>
-#include <sys/wait.h>
-
-#include <dev/systrace.h>
-
-#include <errno.h>
-#include <fcntl.h>
-#include <pwd.h>
-#include <signal.h>
-#include <unistd.h>
-
-#include "file.h"
-#include "magic.h"
-#include "xmalloc.h"
-
-static const struct
-{
-       int syscallnum;
-       int action;
-} allowed_syscalls[] = {
-       { SYS_open, SYSTR_POLICY_NEVER }, /* for strerror */
-
-       { SYS_close, SYSTR_POLICY_PERMIT },
-       { SYS_exit, SYSTR_POLICY_PERMIT },
-       { SYS_fcntl, SYSTR_POLICY_PERMIT },
-       { SYS_fstat, SYSTR_POLICY_PERMIT },
-       { SYS_getdtablecount, SYSTR_POLICY_PERMIT },
-       { SYS_getentropy, SYSTR_POLICY_PERMIT },
-       { SYS_getpid, SYSTR_POLICY_PERMIT },
-       { SYS_getrlimit, SYSTR_POLICY_PERMIT },
-       { SYS_issetugid, SYSTR_POLICY_PERMIT },
-       { SYS_kbind, SYSTR_POLICY_PERMIT },
-       { SYS_madvise, SYSTR_POLICY_PERMIT },
-       { SYS_mmap, SYSTR_POLICY_PERMIT },
-       { SYS_mprotect, SYSTR_POLICY_PERMIT },
-       { SYS_mquery, SYSTR_POLICY_PERMIT },
-       { SYS_munmap, SYSTR_POLICY_PERMIT },
-       { SYS_read, SYSTR_POLICY_PERMIT },
-       { SYS_recvmsg, SYSTR_POLICY_PERMIT },
-       { SYS_sendmsg, SYSTR_POLICY_PERMIT },
-       { SYS_sigprocmask, SYSTR_POLICY_PERMIT },
-       { SYS_write, SYSTR_POLICY_PERMIT },
-
-       { -1, -1 }
-};
-
-static int
-sandbox_find(int syscallnum)
-{
-       int     i;
-
-       for (i = 0; allowed_syscalls[i].syscallnum != -1; i++) {
-               if (allowed_syscalls[i].syscallnum == syscallnum)
-                       return (allowed_syscalls[i].action);
-       }
-       return (SYSTR_POLICY_KILL);
-}
-
-static int
-sandbox_child(const char *user)
-{
-       struct passwd   *pw;
-
-       if (geteuid() == 0) {
-               pw = getpwnam(user);
-               if (pw == NULL)
-                       errx(1, "unknown user %s", user);
-               if (setgroups(1, &pw->pw_gid) != 0)
-                       err(1, "setgroups");
-               if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0)
-                       err(1, "setresgid");
-               if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0)
-                       err(1, "setresuid");
-       }
-
-       if (kill(getpid(), SIGSTOP) != 0)
-               err(1, "kill(SIGSTOP)");
-       return (0);
-}
-
-int
-sandbox_fork(const char *user)
-{
-       pid_t                    pid;
-       int                      status, devfd, fd, i;
-       struct systrace_policy   policy;
-
-       switch (pid = fork()) {
-       case -1:
-               err(1, "fork");
-       case 0:
-               return (sandbox_child(user));
-       }
-
-       /*
-        * Wait for the child to stop itself with SIGSTOP before assigning the
-        * policy, before that it might still be calling syscalls the policy
-        * would block.
-        */
-       do {
-               pid = waitpid(pid, &status, WUNTRACED);
-       } while (pid == -1 && errno == EINTR);
-       if (!WIFSTOPPED(status))
-               errx(1, "child not stopped");
-
-       devfd = open("/dev/systrace", O_RDONLY);
-       if (devfd == -1)
-               err(1, "open(\"/dev/systrace\")");
-       if (ioctl(devfd, STRIOCCLONE, &fd) == -1)
-               err(1, "ioctl(STRIOCCLONE)");
-       close(devfd);
-
-       if (ioctl(fd, STRIOCATTACH, &pid) == -1)
-               goto out;
-
-       memset(&policy, 0, sizeof policy);
-       policy.strp_op = SYSTR_POLICY_NEW;
-       policy.strp_maxents = SYS_MAXSYSCALL;
-       if (ioctl(fd, STRIOCPOLICY, &policy) == -1)
-               err(1, "ioctl(STRIOCPOLICY/NEW)");
-       policy.strp_op = SYSTR_POLICY_ASSIGN;
-       policy.strp_pid = pid;
-       if (ioctl(fd, STRIOCPOLICY, &policy) == -1)
-               err(1, "ioctl(STRIOCPOLICY/ASSIGN)");
-
-       for (i = 0; i < SYS_MAXSYSCALL; i++) {
-               policy.strp_op = SYSTR_POLICY_MODIFY;
-               policy.strp_code = i;
-               policy.strp_policy = sandbox_find(i);
-               if (ioctl(fd, STRIOCPOLICY, &policy) == -1)
-                       err(1, "ioctl(STRIOCPOLICY/MODIFY)");
-       }
-
-out:
-       if (kill(pid, SIGCONT) != 0)
-               err(1, "kill(SIGCONT)");
-       return (pid);
-}
Index: usr.bin/finger/finger.c
===================================================================
RCS file: /cvs/src/usr.bin/finger/finger.c,v
retrieving revision 1.20
diff -u -p -u -r1.20 finger.c
--- usr.bin/finger/finger.c     20 Aug 2015 22:32:41 -0000      1.20
+++ usr.bin/finger/finger.c     28 Sep 2015 20:15:11 -0000
@@ -126,6 +126,9 @@ main(int argc, char *argv[])
                        mflag++;
        }
 
+       if (tame("stdio getpw rpath inet", NULL) == -1)
+               err(1, "tame");
+
        (void)time(&now);
        setpassent(1);
        if (!*argv) {
@@ -134,6 +137,8 @@ main(int argc, char *argv[])
                 * not selected.  Force the -s BEFORE we get names so proper
                 * screening will be done.
                 */
+               if (tame("stdio getpw rpath", NULL) == -1)
+                       err(1, "tame");
                if (!lflag)
                        sflag = 1;      /* if -l not explicit, force -s */
                loginlist();
@@ -213,6 +218,10 @@ userlist(int argc, char **argv)
 
        if (!dolocal)
                goto net;
+
+       if (nettail == &nethead)
+               if (tame("stdio getpw rpath", NULL) == -1)
+                       err(1, "tame");
 
        /*
         * traverse the list of possible login names and check the login name
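Review bot: The nested, unbraced `if (nettail == &nethead)` / `if (tame(...) == -1)` pair in userlist() is easy to misread, and it mis-binds as soon as someone adds an `else` nearby. Fold it into one condition: `if (nettail == &nethead && tame("stdio getpw rpath", NULL) == -1)`. A short comment such as `/* no remote names queued: drop inet */` would record why the promise set shrinks here; that reading is inferred from the variable names, so confirm it. userlist's body starts and ends outside the hunk.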
Index: usr.bin/fmt/fmt.c
===================================================================
RCS file: /cvs/src/usr.bin/fmt/fmt.c,v
retrieving revision 1.30
diff -u -p -u -r1.30 fmt.c
--- usr.bin/fmt/fmt.c   26 Nov 2013 13:18:55 -0000      1.30
+++ usr.bin/fmt/fmt.c   28 Sep 2015 20:15:11 -0000
@@ -255,6 +255,9 @@ main(int argc, char *argv[])
 
        (void)setlocale(LC_CTYPE, "");
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        /* 1. Grok parameters. */
        while ((ch = getopt(argc, argv, "0123456789cd:hl:mnpst:w:")) != -1) {
                switch (ch) {
@@ -337,6 +340,8 @@ main(int argc, char *argv[])
                while (argc-- > 0)
                        process_named_file(*argv++);
        } else {
+               if (tame("stdio", NULL) != 0)
+                       err(1, "tame");
                process_stream(stdin, "standard input");
        }
 
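Review bot: The failure test here is `tame("stdio", NULL) != 0`, while the call added at the top of main in this file, and most calls in this diff, test `== -1`. Use one form throughout so that a search for unchecked or oddly checked sandbox calls finds a single pattern; `if (tame("stdio", NULL) == -1)` matches the majority. The `!= 0` form also appears in the fold.c, from.c (mail_spool), head.c, nl.c, script.c (dooutput) and uniq.c hunks. main's body continues outside the hunk.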
Index: usr.bin/fold/fold.c
===================================================================
RCS file: /cvs/src/usr.bin/fold/fold.c,v
retrieving revision 1.15
diff -u -p -u -r1.15 fold.c
--- usr.bin/fold/fold.c 6 Feb 2015 09:10:55 -0000       1.15
+++ usr.bin/fold/fold.c 28 Sep 2015 20:15:11 -0000
@@ -56,6 +56,9 @@ main(int argc, char *argv[])
        unsigned int width;
        const char *errstr;
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        width = 0;
        lastch = '\0';
        prevoptind = 1;
@@ -99,14 +102,19 @@ main(int argc, char *argv[])
        if (width == 0)
                width = DEFLINEWIDTH;
 
-       if (!*argv)
+       if (!*argv) {
+               if (tame("stdio", NULL) != 0)
+                       err(1, "tame");
                fold(width);
-       else for (; *argv; ++argv)
-               if (!freopen(*argv, "r", stdin)) {
-                       err(1, "%s", *argv);
-                       /* NOTREACHED */
-               } else
-                       fold(width);
+       } else {
+               for (; *argv; ++argv) {
+                       if (!freopen(*argv, "r", stdin))
+                               err(1, "%s", *argv);
+                               /* NOTREACHED */
+                       else
+                               fold(width);
+               }
+       }
        exit(0);
 }
 
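Review bot: In the rewritten loop the `/* NOTREACHED */` comment sits between the `if` body and its `else`, indented as if it were a second statement of that body. It compiles only because it is a comment. Since err() does not return, the `else` can go: `if (!freopen(*argv, "r", stdin))`, then `err(1, "%s", *argv);`, then an unconditional `fold(width);`. That removes the dangling-else shape from the loop.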
Index: usr.bin/from/from.c
===================================================================
RCS file: /cvs/src/usr.bin/from/from.c,v
retrieving revision 1.20
diff -u -p -u -r1.20 from.c
--- usr.bin/from/from.c 3 Jun 2015 18:08:54 -0000       1.20
+++ usr.bin/from/from.c 28 Sep 2015 20:15:11 -0000
@@ -80,6 +80,8 @@ main(int argc, char *argv[])
                        exit(EXIT_SUCCESS);
                err(1, "%s", file);
        }
+       if (tame("stdio", NULL) == -1)
+               err(1, "tame");
        for (newline = 1; (linelen = getline(&line, &linesize, fp)) != -1;) {
                if (*line == '\n') {
                        newline = 1;
@@ -98,6 +100,9 @@ char *
 mail_spool(char *file, const char *user)
 {
        struct passwd *pwd;
+
+       if (tame("stdio rpath getpw", NULL) != 0)
+               err(1, "tame");
 
        /*
         * We find the mailbox by:
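Review bot: The restriction for the mailbox lookup is applied inside mail_spool() rather than in main, so whatever main does before calling this helper (not visible in these hunks) runs unrestricted. It also splits the privilege policy across two functions. Most other utilities in this diff call tame() near the top of main; doing the same here with `if (tame("stdio rpath getpw", NULL) == -1)` would keep it next to the later narrowing to "stdio". If the call stays in the helper, mail_spool's header comment should say that it changes process-wide privileges. mail_spool's body continues outside the hunk.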
Index: usr.bin/getopt/getopt.c
===================================================================
RCS file: /cvs/src/usr.bin/getopt/getopt.c,v
retrieving revision 1.8
diff -u -p -u -r1.8 getopt.c
--- usr.bin/getopt/getopt.c     27 Oct 2009 23:59:38 -0000      1.8
+++ usr.bin/getopt/getopt.c     28 Sep 2015 20:15:11 -0000
@@ -8,6 +8,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <err.h>
 
 int
 main(int argc, char *argv[])
@@ -16,6 +17,9 @@ main(int argc, char *argv[])
        extern char *optarg;
        int c;
        int status = 0;
+
+       if (tame("stdio", NULL) == -1)
+               err(1, "tame");
 
        optind = 2;     /* Past the program name and the option letters. */
        while ((c = getopt(argc, argv, argv[1])) != -1)
Index: usr.bin/grep/grep.c
===================================================================
RCS file: /cvs/src/usr.bin/grep/grep.c,v
retrieving revision 1.52
diff -u -p -u -r1.52 grep.c
--- usr.bin/grep/grep.c 27 Aug 2015 05:11:39 -0000      1.52
+++ usr.bin/grep/grep.c 28 Sep 2015 20:15:11 -0000
@@ -238,6 +238,9 @@ main(int argc, char *argv[])
        char **expr;
        const char *errstr;
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        SLIST_INIT(&patfilelh);
        switch (__progname[0]) {
        case 'e':
Index: usr.bin/head/head.c
===================================================================
RCS file: /cvs/src/usr.bin/head/head.c,v
retrieving revision 1.18
diff -u -p -u -r1.18 head.c
--- usr.bin/head/head.c 8 Oct 2014 08:31:53 -0000       1.18
+++ usr.bin/head/head.c 28 Sep 2015 20:15:11 -0000
@@ -55,6 +55,9 @@ main(int argc, char *argv[])
        char    *p = NULL;
        int     status = 0;
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        /* handle obsolete -number syntax */
        if (argc > 1 && argv[1][0] == '-' &&
            isdigit((unsigned char)argv[1][1])) {
@@ -87,6 +90,8 @@ main(int argc, char *argv[])
                        if (!firsttime)
                                exit(status);
                        fp = stdin;
+                       if (tame("stdio", NULL) != 0)
+                               err(1, "tame");
                } else {
                        if ((fp = fopen(*argv, "r")) == NULL) {
                                warn("%s", *argv++);
Index: usr.bin/hexdump/hexdump.c
===================================================================
RCS file: /cvs/src/usr.bin/hexdump/hexdump.c,v
retrieving revision 1.17
diff -u -p -u -r1.17 hexdump.c
--- usr.bin/hexdump/hexdump.c   16 Jan 2015 06:40:08 -0000      1.17
+++ usr.bin/hexdump/hexdump.c   28 Sep 2015 20:15:11 -0000
@@ -33,6 +33,7 @@
 #include <err.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <unistd.h>
 #include <string.h>
 #include "hexdump.h"
 
@@ -52,6 +53,9 @@ main(int argc, char *argv[])
 {
        FS *tfs;
        char *p;
+
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
 
        if (!(p = strrchr(argv[0], 'o')) || strcmp(p, "od"))
                newsyntax(argc, &argv);
Index: usr.bin/id/id.c
===================================================================
RCS file: /cvs/src/usr.bin/id/id.c,v
retrieving revision 1.23
diff -u -p -u -r1.23 id.c
--- usr.bin/id/id.c     19 May 2015 16:03:19 -0000      1.23
+++ usr.bin/id/id.c     28 Sep 2015 20:15:11 -0000
@@ -105,6 +105,9 @@ main(int argc, char *argv[])
        argc -= optind;
        argv += optind;
 
+       if (tame("stdio getpw", NULL) == -1)
+               err(1, "tame");
+
        switch (cflag + Gflag + gflag + pflag + uflag) {
        case 1:
                break;
Index: usr.bin/indent/indent.c
===================================================================
RCS file: /cvs/src/usr.bin/indent/indent.c,v
retrieving revision 1.27
diff -u -p -u -r1.27 indent.c
--- usr.bin/indent/indent.c     20 Aug 2015 22:32:41 -0000      1.27
+++ usr.bin/indent/indent.c     28 Sep 2015 20:15:11 -0000
@@ -78,6 +78,8 @@ main(int argc, char **argv)
 
     int         last_else = 0; /* true iff last keyword was an else */
 
+    if (tame("stdio rpath wpath cpath tmppath", NULL) == -1)
+       err(1, "tame");
 
     /*-----------------------------------------------*\
     |                INITIALIZATION                  |
Index: usr.bin/infocmp/infocmp.c
===================================================================
RCS file: /cvs/src/usr.bin/infocmp/infocmp.c,v
retrieving revision 1.20
diff -u -p -u -r1.20 infocmp.c
--- usr.bin/infocmp/infocmp.c   12 Jan 2010 23:22:13 -0000      1.20
+++ usr.bin/infocmp/infocmp.c   28 Sep 2015 20:15:11 -0000
@@ -1282,6 +1282,9 @@ main(int argc, char *argv[])
     bool init_analyze = FALSE;
     bool suppress_untranslatable = FALSE;
 
+    if (tame("stdio rpath", NULL) == -1)
+       perror("tame");
+
     /* where is the terminfo database location going to default to? */
     restdir = firstdir = 0;
 
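Review bot: A failed tame() is only reported here: `perror("tame")` prints the error and execution continues, so the program carries on without the restriction the call was meant to impose. The same pattern appears in the usr.bin/patch/patch.c, usr.bin/pr/pr.c and usr.bin/tic/tic.c hunks, while the other hunks in this diff exit via `err(1, "tame")`. A sandbox call should fail closed. If <err.h> is not included in these files (the include lists are not visible here), `{ perror("tame"); exit(1); }` does the same job. main's body continues outside the hunk.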
Index: usr.bin/join/join.c
===================================================================
RCS file: /cvs/src/usr.bin/join/join.c,v
retrieving revision 1.25
diff -u -p -u -r1.25 join.c
--- usr.bin/join/join.c 21 Jul 2015 04:42:59 -0000      1.25
+++ usr.bin/join/join.c 28 Sep 2015 20:15:11 -0000
@@ -104,6 +104,9 @@ main(int argc, char *argv[])
        int aflag, ch, cval, vflag;
        char *end;
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        F1 = &input1;
        F2 = &input2;
 
Index: usr.bin/jot/jot.c
===================================================================
RCS file: /cvs/src/usr.bin/jot/jot.c,v
retrieving revision 1.24
diff -u -p -u -r1.24 jot.c
--- usr.bin/jot/jot.c   21 Jul 2015 04:04:06 -0000      1.24
+++ usr.bin/jot/jot.c   28 Sep 2015 20:15:11 -0000
@@ -84,6 +84,9 @@ main(int argc, char *argv[])
        int             ch;
        const   char    *errstr;
 
+       if (tame("stdio", NULL) == -1)
+               err(1, "tame");
+
        while ((ch = getopt(argc, argv, "rb:w:cs:np:")) != -1)
                switch (ch) {
                case 'r':
Index: usr.bin/kdump/kdump.c
===================================================================
RCS file: /cvs/src/usr.bin/kdump/kdump.c,v
retrieving revision 1.105
diff -u -p -u -r1.105 kdump.c
--- usr.bin/kdump/kdump.c       13 Sep 2015 17:08:03 -0000      1.105
+++ usr.bin/kdump/kdump.c       28 Sep 2015 20:15:11 -0000
@@ -240,6 +240,9 @@ main(int argc, char *argv[])
        if (argc > optind)
                usage();
 
+       if (tame("malloc rpath", NULL) == -1)
+               err(1, "tame");
+
        m = malloc(size = 1025);
        if (m == NULL)
                err(1, NULL);
Index: usr.bin/lam/lam.c
===================================================================
RCS file: /cvs/src/usr.bin/lam/lam.c,v
retrieving revision 1.17
diff -u -p -u -r1.17 lam.c
--- usr.bin/lam/lam.c   16 Jan 2015 06:40:09 -0000      1.17
+++ usr.bin/lam/lam.c   28 Sep 2015 20:15:11 -0000
@@ -71,6 +71,9 @@ main(int argc, char *argv[])
 {
        int i;
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        /* Process arguments, set numfiles to file argument count. */
        getargs(argc, argv);
        if (numfiles == 0)
Index: usr.bin/lastcomm/lastcomm.c
===================================================================
RCS file: /cvs/src/usr.bin/lastcomm/lastcomm.c,v
retrieving revision 1.21
diff -u -p -u -r1.21 lastcomm.c
--- usr.bin/lastcomm/lastcomm.c 15 Mar 2015 00:41:28 -0000      1.21
+++ usr.bin/lastcomm/lastcomm.c 28 Sep 2015 20:15:11 -0000
@@ -69,6 +69,9 @@ main(int argc, char *argv[])
        int ch;
        char *acctfile;
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        acctfile = _PATH_ACCT;
        while ((ch = getopt(argc, argv, "f:")) != -1)
                switch(ch) {
Index: usr.bin/leave/leave.c
===================================================================
RCS file: /cvs/src/usr.bin/leave/leave.c,v
retrieving revision 1.15
diff -u -p -u -r1.15 leave.c
--- usr.bin/leave/leave.c       16 Jan 2015 06:40:09 -0000      1.15
+++ usr.bin/leave/leave.c       28 Sep 2015 20:15:11 -0000
@@ -62,7 +62,10 @@ main(int argc, char *argv[])
        time_t now;
        int plusnow = 0, twentyfour;
        char buf[50];
-       
+
+       if (tame("stdio proc", NULL) == -1)
+               err(1, "tame");
+
        if (setvbuf(stdout, NULL, _IOLBF, 0) != 0)
                errx(1, "Cannot set stdout to line buffered.");
 
Index: usr.bin/logger/logger.c
===================================================================
RCS file: /cvs/src/usr.bin/logger/logger.c,v
retrieving revision 1.14
diff -u -p -u -r1.14 logger.c
--- usr.bin/logger/logger.c     18 Apr 2015 18:28:37 -0000      1.14
+++ usr.bin/logger/logger.c     28 Sep 2015 20:15:11 -0000
@@ -37,6 +37,7 @@
 #include <stdio.h>
 #include <ctype.h>
 #include <string.h>
+#include <err.h>
 
 #define        SYSLOG_NAMES
 #include <syslog.h>
@@ -91,6 +92,9 @@ main(int argc, char *argv[])
        /* setup for logging */
        openlog(tag ? tag : getlogin(), logflags, 0);
        (void) fclose(stdout);
+
+       if (tame("stdio", NULL) == -1)
+               err(1, "tame");
 
        /* log input line if appropriate */
        if (argc > 0) {
Index: usr.bin/logname/logname.c
===================================================================
RCS file: /cvs/src/usr.bin/logname/logname.c,v
retrieving revision 1.7
diff -u -p -u -r1.7 logname.c
--- usr.bin/logname/logname.c   27 Oct 2009 23:59:40 -0000      1.7
+++ usr.bin/logname/logname.c   28 Sep 2015 20:15:11 -0000
@@ -46,6 +46,9 @@ main(int argc, char *argv[])
 
        setlocale(LC_ALL, "");
 
+       if (tame("stdio getpw", NULL) == -1)
+               err(1, "tame");
+
        while ((ch = getopt(argc, argv, "")) != -1)
                switch (ch) {
                case '?':
Index: usr.bin/look/look.c
===================================================================
RCS file: /cvs/src/usr.bin/look/look.c,v
retrieving revision 1.16
diff -u -p -u -r1.16 look.c
--- usr.bin/look/look.c 6 Feb 2015 23:21:59 -0000       1.16
+++ usr.bin/look/look.c 28 Sep 2015 20:15:11 -0000
@@ -88,6 +88,9 @@ main(int argc, char *argv[])
        int ch, fd, termchar;
        char *back, *file, *front, *string, *p;
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        file = _PATH_WORDS;
        termchar = '\0';
        while ((ch = getopt(argc, argv, "dft:")) != -1)
Index: usr.bin/mktemp/mktemp.c
===================================================================
RCS file: /cvs/src/usr.bin/mktemp/mktemp.c,v
retrieving revision 1.20
diff -u -p -u -r1.20 mktemp.c
--- usr.bin/mktemp/mktemp.c     6 Aug 2013 21:56:51 -0000       1.20
+++ usr.bin/mktemp/mktemp.c     28 Sep 2015 20:15:11 -0000
@@ -38,6 +38,9 @@ main(int argc, char *argv[])
        char *cp, *template, *tempfile, *prefix = _PATH_TMP;
        size_t len;
 
+       if (tame("stdio wpath cpath", NULL) == -1)
+               err(1, "tame");
+
        while ((ch = getopt(argc, argv, "dp:qtu")) != -1)
                switch(ch) {
                case 'd':
Index: usr.bin/nl/nl.c
===================================================================
RCS file: /cvs/src/usr.bin/nl/nl.c,v
retrieving revision 1.4
diff -u -p -u -r1.4 nl.c
--- usr.bin/nl/nl.c     21 Jan 2015 22:28:09 -0000      1.4
+++ usr.bin/nl/nl.c     28 Sep 2015 20:15:11 -0000
@@ -118,6 +118,9 @@ main(int argc, char *argv[])
 
        (void)setlocale(LC_ALL, "");
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        while ((c = getopt(argc, argv, "pb:d:f:h:i:l:n:s:v:w:")) != -1) {
                switch (c) {
                case 'p':
@@ -204,10 +207,15 @@ main(int argc, char *argv[])
 
        switch (argc) {
        case 0:
+               /* Read from stdin. */
+               if (tame("stdio", NULL) != 0)
+                       err(1, "tame");
                break;
        case 1:
-               if (strcmp(argv[0], "-") != 0 &&
-                   freopen(argv[0], "r", stdin) == NULL)
+               if (strcmp(argv[0], "-") == 0)
+                       if (tame("stdio", NULL) != 0)
+                               err(1, "tame");
+               else if (freopen(argv[0], "r", stdin) == NULL)
                        err(EXIT_FAILURE, "%s", argv[0]);
                break;
        default:
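Review bot: In `case 1`, the `else if` on the freopen() line binds to the inner `if (tame("stdio", NULL) != 0)`, not to the `strcmp` test, because the outer `if` has no braces. As written, a file operand other than "-" is never opened, so nl reads standard input instead. For "-", a successful tame() falls through to freopen() on "-", after the read-path promise has already been dropped. Brace the outer test: `if (strcmp(argv[0], "-") == 0) {` around the tame() check, then `} else if (freopen(argv[0], "r", stdin) == NULL)`. The switch continues outside the hunk.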
Index: usr.bin/nm/nm.c
===================================================================
RCS file: /cvs/src/usr.bin/nm/nm.c,v
retrieving revision 1.47
diff -u -p -u -r1.47 nm.c
--- usr.bin/nm/nm.c     13 Aug 2015 19:13:28 -0000      1.47
+++ usr.bin/nm/nm.c     28 Sep 2015 20:15:11 -0000
@@ -135,6 +135,9 @@ main(int argc, char *argv[])
        const struct option *lopts;
        int ch, eval;
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        optstr = OPTSTRING_NM;
        lopts = longopts_nm;
        if (!strcmp(__progname, "size")) {
Index: usr.bin/paste/paste.c
===================================================================
RCS file: /cvs/src/usr.bin/paste/paste.c,v
retrieving revision 1.19
diff -u -p -u -r1.19 paste.c
--- usr.bin/paste/paste.c       25 Nov 2014 10:20:24 -0000      1.19
+++ usr.bin/paste/paste.c       28 Sep 2015 20:15:11 -0000
@@ -57,6 +57,9 @@ main(int argc, char *argv[])
        extern int optind;
        int ch, seq;
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        seq = 0;
        while ((ch = getopt(argc, argv, "d:s")) != -1) {
                switch (ch) {
Index: usr.bin/patch/patch.c
===================================================================
RCS file: /cvs/src/usr.bin/patch/patch.c,v
retrieving revision 1.54
diff -u -p -u -r1.54 patch.c
--- usr.bin/patch/patch.c       13 Dec 2014 10:31:07 -0000      1.54
+++ usr.bin/patch/patch.c       28 Sep 2015 20:15:11 -0000
@@ -147,6 +147,9 @@ main(int argc, char *argv[])
        const   char *tmpdir;
        char    *v;
 
+       if (tame("stdio rpath wpath cpath tmppath fattr", NULL) == -1)
+               perror("tame");
+
        setvbuf(stdout, NULL, _IOLBF, 0);
        setvbuf(stderr, NULL, _IOLBF, 0);
        for (i = 0; i < MAXFILEC; i++)
Index: usr.bin/pr/pr.c
===================================================================
RCS file: /cvs/src/usr.bin/pr/pr.c,v
retrieving revision 1.36
diff -u -p -u -r1.36 pr.c
--- usr.bin/pr/pr.c     20 Aug 2015 22:32:41 -0000      1.36
+++ usr.bin/pr/pr.c     28 Sep 2015 20:15:11 -0000
@@ -140,6 +140,9 @@ main(int argc, char *argv[])
 {
     int ret_val;
 
+    if (tame("stdio rpath", NULL) == -1)
+       perror("tame");
+
     if (signal(SIGINT, SIG_IGN) != SIG_IGN)
        (void)signal(SIGINT, terminate);
     ret_val = setup(argc, argv);
Index: usr.bin/printenv/printenv.c
===================================================================
RCS file: /cvs/src/usr.bin/printenv/printenv.c,v
retrieving revision 1.6
diff -u -p -u -r1.6 printenv.c
--- usr.bin/printenv/printenv.c 27 Oct 2009 23:59:41 -0000      1.6
+++ usr.bin/printenv/printenv.c 28 Sep 2015 20:15:11 -0000
@@ -32,6 +32,8 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
+#include <unistd.h>
+#include <err.h>
 
 /*
  * printenv
@@ -45,6 +47,9 @@ main(int argc, char *argv[])
        extern char **environ;
        char *cp, **ep;
        int len;
+
+       if (tame("stdio", NULL) == -1)
+               err(1, "tame");
 
        if (argc < 2) {
                for (ep = environ; *ep; ep++)
Index: usr.bin/printf/printf.c
===================================================================
RCS file: /cvs/src/usr.bin/printf/printf.c,v
retrieving revision 1.22
diff -u -p -u -r1.22 printf.c
--- usr.bin/printf/printf.c     25 May 2014 07:36:36 -0000      1.22
+++ usr.bin/printf/printf.c     28 Sep 2015 20:15:11 -0000
@@ -32,6 +32,7 @@
 #include <ctype.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <unistd.h>
 #include <string.h>
 #include <limits.h>
 #include <locale.h>
@@ -80,6 +81,9 @@ main(int argc, char *argv[])
        char *format;
 
        setlocale (LC_ALL, "");
+
+       if (tame("stdio", NULL) == -1)
+               err(1, "tame");
 
        /* Need to accept/ignore "--" option. */
        if (argc > 1 && strcmp(argv[1], "--") == 0) {
Index: usr.bin/readlink/readlink.c
===================================================================
RCS file: /cvs/src/usr.bin/readlink/readlink.c,v
retrieving revision 1.25
diff -u -p -u -r1.25 readlink.c
--- usr.bin/readlink/readlink.c 1 May 2009 10:36:48 -0000       1.25
+++ usr.bin/readlink/readlink.c 28 Sep 2015 20:15:11 -0000
@@ -44,6 +44,9 @@ main(int argc, char *argv[])
        int n, ch, nflag = 0, fflag = 0;
        extern int optind;
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        while ((ch = getopt(argc, argv, "fn")) != -1)
                switch (ch) {
                case 'f':
Index: usr.bin/rev/rev.c
===================================================================
RCS file: /cvs/src/usr.bin/rev/rev.c,v
retrieving revision 1.10
diff -u -p -u -r1.10 rev.c
--- usr.bin/rev/rev.c   27 Oct 2009 23:59:42 -0000      1.10
+++ usr.bin/rev/rev.c   28 Sep 2015 20:15:11 -0000
@@ -49,6 +49,9 @@ main(int argc, char *argv[])
        size_t len;
        int ch, rval;
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        while ((ch = getopt(argc, argv, "")) != -1)
                switch(ch) {
                case '?':
@@ -71,6 +74,9 @@ main(int argc, char *argv[])
                                continue;
                        }
                        filename = *argv++;
+               } else {
+                       if (tame("stdio", NULL) == -1)
+                               err(1, "tame");
                }
                while ((p = fgetln(fp, &len)) != NULL) {
                        if (p[len - 1] == '\n')
Index: usr.bin/rs/rs.c
===================================================================
RCS file: /cvs/src/usr.bin/rs/rs.c,v
retrieving revision 1.25
diff -u -p -u -r1.25 rs.c
--- usr.bin/rs/rs.c     20 Aug 2015 22:32:41 -0000      1.25
+++ usr.bin/rs/rs.c     28 Sep 2015 20:15:11 -0000
@@ -93,6 +93,9 @@ void    putfile(void);
 int
 main(int argc, char *argv[])
 {
+       if (tame("stdio", NULL) == -1)
+               err(1, "tame");
+
        getargs(argc, argv);
        getfile();
        if (flags & SHAPEONLY) {
Index: usr.bin/script/script.c
===================================================================
RCS file: /cvs/src/usr.bin/script/script.c,v
retrieving revision 1.27
diff -u -p -u -r1.27 script.c
--- usr.bin/script/script.c     19 Jul 2015 06:12:06 -0000      1.27
+++ usr.bin/script/script.c     28 Sep 2015 20:15:11 -0000
@@ -165,6 +165,9 @@ main(int argc, char *argv[])
        sa.sa_handler = finish;
        (void)sigaction(SIGCHLD, &sa, NULL);
 
+       if (tame("stdio ioctl", NULL) == -1)
+               err(1, "tame");
+
        (void)fclose(fscript);
        while (1) {
                if (dead)
@@ -247,6 +250,9 @@ dooutput(void)
        sigemptyset(&sa.sa_mask);
        sa.sa_handler = SIG_IGN;
        (void)sigaction(SIGCHLD, &sa, NULL);
+
+       if (tame("stdio", NULL) != 0)
+               err(1, "tame");
 
        value.it_interval.tv_sec = 30;
        value.it_interval.tv_usec = 0;
Index: usr.bin/sed/main.c
===================================================================
RCS file: /cvs/src/usr.bin/sed/main.c,v
retrieving revision 1.24
diff -u -p -u -r1.24 main.c
--- usr.bin/sed/main.c  19 Jul 2015 17:21:21 -0000      1.24
+++ usr.bin/sed/main.c  29 Sep 2015 14:22:53 -0000
@@ -159,6 +159,14 @@ main(int argc, char *argv[])
        if (termwidth == 0)
                termwidth = 60;
 
+       if (inplace != NULL) {
+               if (tame("stdio wpath rpath cpath fattr", NULL) == -1)
+                       err(1, "tame");
+       } else {
+               if (tame("stdio wpath rpath cpath", NULL) == -1)
+                       err(1, "tame");
+       }
+
        /* First usage case; script is the first arg */
        if (!eflag && !fflag && *argv) {
                add_compunit(CU_STRING, *argv);
Index: usr.bin/split/split.c
===================================================================
RCS file: /cvs/src/usr.bin/split/split.c,v
retrieving revision 1.18
diff -u -p -u -r1.18 split.c
--- usr.bin/split/split.c       16 Jan 2015 06:40:12 -0000      1.18
+++ usr.bin/split/split.c       28 Sep 2015 20:15:11 -0000
@@ -68,6 +68,9 @@ main(int argc, char *argv[])
        char *ep, *p;
        const char *errstr;
 
+       if (tame("stdio rpath wpath cpath", NULL) == -1)
+               err(1, "tame");
+
        while ((ch = getopt(argc, argv, "0123456789a:b:l:p:-")) != -1)
                switch (ch) {
                case '0': case '1': case '2': case '3': case '4':
Index: usr.bin/stat/stat.c
===================================================================
RCS file: /cvs/src/usr.bin/stat/stat.c,v
retrieving revision 1.18
diff -u -p -u -r1.18 stat.c
--- usr.bin/stat/stat.c 26 Nov 2013 21:08:12 -0000      1.18
+++ usr.bin/stat/stat.c 28 Sep 2015 20:15:11 -0000
@@ -158,6 +158,9 @@ main(int argc, char *argv[])
        int lsF, fmtchar, usestat, fn, nonl, quiet;
        char *statfmt, *options, *synopsis;
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        lsF = 0;
        fmtchar = '\0';
        usestat = 0;
Index: usr.bin/tail/tail.c
===================================================================
RCS file: /cvs/src/usr.bin/tail/tail.c,v
retrieving revision 1.17
diff -u -p -u -r1.17 tail.c
--- usr.bin/tail/tail.c 27 Oct 2009 23:59:44 -0000      1.17
+++ usr.bin/tail/tail.c 28 Sep 2015 20:15:11 -0000
@@ -61,6 +61,9 @@ main(int argc, char *argv[])
        int ch, first;
        char *p;
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        /*
         * Tail's options are weird.  First, -n10 is the same as -n-10, not
         * -n+10.  Second, the number options are 1 based and not offsets,
Index: usr.bin/tee/tee.c
===================================================================
RCS file: /cvs/src/usr.bin/tee/tee.c,v
retrieving revision 1.8
diff -u -p -u -r1.8 tee.c
--- usr.bin/tee/tee.c   23 Apr 2013 17:48:17 -0000      1.8
+++ usr.bin/tee/tee.c   28 Sep 2015 20:15:11 -0000
@@ -74,6 +74,9 @@ main(int argc, char *argv[])
 
        setlocale(LC_ALL, "");
 
+       if (tame("stdio rpath wpath cpath", NULL) == -1)
+               err(1, "tame");
+
        append = 0;
        while ((ch = getopt(argc, argv, "ai")) != -1) {
                switch(ch) {
Index: usr.bin/tic/tic.c
===================================================================
RCS file: /cvs/src/usr.bin/tic/tic.c,v
retrieving revision 1.31
diff -u -p -u -r1.31 tic.c
--- usr.bin/tic/tic.c   28 Nov 2013 18:24:55 -0000      1.31
+++ usr.bin/tic/tic.c   30 Sep 2015 18:03:04 -0000
@@ -499,6 +499,9 @@ main(int argc, char *argv[])
     bool check_only = FALSE;
     bool suppress_untranslatable = FALSE;
 
+    if (tame("stdio rpath cpath", NULL) == -1)
+       perror("tame");
+
     log_fp = stderr;
 
     _nc_progname = _nc_rootname(argv[0]);
Index: usr.bin/touch/touch.c
===================================================================
RCS file: /cvs/src/usr.bin/touch/touch.c,v
retrieving revision 1.23
diff -u -p -u -r1.23 touch.c
--- usr.bin/touch/touch.c       17 Mar 2015 19:31:30 -0000      1.23
+++ usr.bin/touch/touch.c       28 Sep 2015 20:15:11 -0000
@@ -60,6 +60,9 @@ main(int argc, char *argv[])
 
        (void)setlocale(LC_ALL, "");
 
+       if (tame("stdio wpath cpath fattr", NULL) == -1)
+               err(1, "tame");
+
        aflag = cflag = mflag = timeset = 0;
        while ((ch = getopt(argc, argv, "acd:fmr:t:")) != -1)
                switch (ch) {
Index: usr.bin/tr/tr.c
===================================================================
RCS file: /cvs/src/usr.bin/tr/tr.c,v
retrieving revision 1.17
diff -u -p -u -r1.17 tr.c
--- usr.bin/tr/tr.c     3 Jun 2014 20:57:23 -0000       1.17
+++ usr.bin/tr/tr.c     28 Sep 2015 20:15:11 -0000
@@ -87,6 +87,9 @@ main(int argc, char *argv[])
        int ch, cnt, lastch, *p;
        int cflag, dflag, sflag, isstring2;
 
+       if (tame("stdio", NULL) == -1)
+               err(1, "tame");
+
        cflag = dflag = sflag = 0;
        while ((ch = getopt(argc, argv, "Ccds")) != -1)
                switch(ch) {
Index: usr.bin/uname/uname.c
===================================================================
RCS file: /cvs/src/usr.bin/uname/uname.c,v
retrieving revision 1.14
diff -u -p -u -r1.14 uname.c
--- usr.bin/uname/uname.c       21 Jul 2015 16:22:59 -0000      1.14
+++ usr.bin/uname/uname.c       28 Sep 2015 20:15:11 -0000
@@ -59,6 +59,9 @@ main(int argc, char *argv[])
 
        setlocale(LC_ALL, "");
 
+       if (tame("stdio", NULL) == -1)
+               err(1, "tame");
+
        while ((c = getopt(argc, argv, "amnrsvp")) != -1 ) {
                switch (c) {
                case 'a':
Index: usr.bin/uniq/uniq.c
===================================================================
RCS file: /cvs/src/usr.bin/uniq/uniq.c,v
retrieving revision 1.19
diff -u -p -u -r1.19 uniq.c
--- usr.bin/uniq/uniq.c 26 Nov 2013 19:25:39 -0000      1.19
+++ usr.bin/uniq/uniq.c 28 Sep 2015 20:15:11 -0000
@@ -61,6 +61,9 @@ main(int argc, char *argv[])
        int ch;
        char *prevline, *thisline;
 
+       if (tame("stdio rpath wpath", NULL) == -1)
+               err(1, "tame");
+
        obsolete(argv);
        while ((ch = getopt(argc, argv, "cdf:s:u")) != -1) {
                const char *errstr;
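Review bot: The promise string `"stdio rpath wpath"` has no `cpath`, yet the tee.c and split.c hunks in this same diff request `cpath` for the files they write. If uniq opens its optional output operand with a creating mode (the open is outside this hunk, so confirm), writing to a not-yet-existing output file would be refused after this call. Suggested: `if (tame("stdio rpath wpath cpath", NULL) == -1)`. main's body continues outside the hunk.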
@@ -118,6 +121,9 @@ main(int argc, char *argv[])
        default:
                usage();
        }
+
+       if (tame("stdio", NULL) != 0)
+               err(1, "tame");
 
        prevline = malloc(MAXLINELEN);
        thisline = malloc(MAXLINELEN);
Index: usr.bin/units/units.c
===================================================================
RCS file: /cvs/src/usr.bin/units/units.c,v
retrieving revision 1.20
diff -u -p -u -r1.20 units.c
--- usr.bin/units/units.c       27 Nov 2013 00:13:24 -0000      1.20
+++ usr.bin/units/units.c       28 Sep 2015 20:15:11 -0000
@@ -23,6 +23,7 @@
 #include <string.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <err.h>
 
 #define UNITSFILE "/usr/share/misc/units.lib"
 
@@ -630,6 +631,9 @@ main(int argc, char **argv)
 
        extern char *optarg;
        extern int optind;
+
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
 
        while ((optchar = getopt(argc, argv, "vqf:")) != -1) {
                switch (optchar) {
Index: usr.bin/unvis/unvis.c
===================================================================
RCS file: /cvs/src/usr.bin/unvis/unvis.c,v
retrieving revision 1.12
diff -u -p -u -r1.12 unvis.c
--- usr.bin/unvis/unvis.c       22 Jan 2014 09:45:21 -0000      1.12
+++ usr.bin/unvis/unvis.c       28 Sep 2015 20:15:11 -0000
@@ -43,6 +43,9 @@ main(int argc, char *argv[])
        FILE *fp;
        int ch;
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        while ((ch = getopt(argc, argv, "")) != -1)
                switch(ch) {
                case '?':
Index: usr.bin/users/users.c
===================================================================
RCS file: /cvs/src/usr.bin/users/users.c,v
retrieving revision 1.11
diff -u -p -u -r1.11 users.c
--- usr.bin/users/users.c       8 Oct 2014 04:11:28 -0000       1.11
+++ usr.bin/users/users.c       28 Sep 2015 20:15:11 -0000
@@ -53,6 +53,9 @@ main(int argc, char *argv[])
        struct utmp utmp;
        int ch;
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        while ((ch = getopt(argc, argv, "")) != -1)
                switch(ch) {
                case '?':
Index: usr.bin/vacation/vacation.c
===================================================================
RCS file: /cvs/src/usr.bin/vacation/vacation.c,v
retrieving revision 1.37
diff -u -p -u -r1.37 vacation.c
--- usr.bin/vacation/vacation.c 20 Aug 2015 22:32:42 -0000      1.37
+++ usr.bin/vacation/vacation.c 28 Sep 2015 20:15:11 -0000
@@ -49,6 +49,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <paths.h>
+#include <err.h>
 
 /*
  *  VACATION -- return a message to the sender when on vacation.
@@ -92,6 +93,9 @@ main(int argc, char *argv[])
        time_t interval;
        struct stat sb;
        ALIAS *cur;
+
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
 
        opterr = iflag = 0;
        interval = -1;
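Review bot: `stdio rpath` at the very top of main looks too narrow for what vacation has to do. The header comment in the previous hunk says the program returns a message to the sender, and main's body (outside this hunk) presumably has to update its record of earlier replies and hand the reply to a mailer; read-only file access would permit neither, so the process would likely be killed on its first real message. The request string should be checked against every path main can reach, or the call moved below the setup work, with a comment next to it naming why each request is needed.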
Index: usr.bin/vis/vis.c
===================================================================
RCS file: /cvs/src/usr.bin/vis/vis.c,v
retrieving revision 1.17
diff -u -p -u -r1.17 vis.c
--- usr.bin/vis/vis.c   18 Apr 2015 18:28:38 -0000      1.17
+++ usr.bin/vis/vis.c   28 Sep 2015 20:15:11 -0000
@@ -55,6 +55,9 @@ main(int argc, char *argv[])
        FILE *fp;
        int ch;
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        while ((ch = getopt(argc, argv, "anwctsobfF:ld")) != -1)
                switch(ch) {
                case 'a':
Index: usr.bin/wc/wc.c
===================================================================
RCS file: /cvs/src/usr.bin/wc/wc.c,v
retrieving revision 1.17
diff -u -p -u -r1.17 wc.c
--- usr.bin/wc/wc.c     16 Jan 2015 06:40:14 -0000      1.17
+++ usr.bin/wc/wc.c     28 Sep 2015 20:15:11 -0000
@@ -57,6 +57,9 @@ main(int argc, char *argv[])
 
        setlocale(LC_ALL, "");
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        while ((ch = getopt(argc, argv, "lwchm")) != -1)
                switch(ch) {
                case 'l':
Index: usr.bin/what/what.c
===================================================================
RCS file: /cvs/src/usr.bin/what/what.c,v
retrieving revision 1.13
diff -u -p -u -r1.13 what.c
--- usr.bin/what/what.c 22 Jan 2015 19:10:17 -0000      1.13
+++ usr.bin/what/what.c 28 Sep 2015 20:15:11 -0000
@@ -58,6 +58,9 @@ main(int argc, char *argv[])
        char match[256];
        int c;
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        matches = sflag = 0;
        while ((c = getopt(argc, argv, "s")) != -1) {
                switch (c) {
Index: usr.bin/who/who.c
===================================================================
RCS file: /cvs/src/usr.bin/who/who.c,v
retrieving revision 1.20
diff -u -p -u -r1.20 who.c
--- usr.bin/who/who.c   22 Aug 2013 04:43:41 -0000      1.20
+++ usr.bin/who/who.c   28 Sep 2015 20:15:11 -0000
@@ -72,6 +72,9 @@ main(int argc, char *argv[])
 
        setlocale(LC_ALL, "");
 
+       if (tame("stdio rpath", NULL) == -1)
+               err(1, "tame");
+
        only_current_term = show_term = show_idle = show_labels = 0;
        show_quick = 0;
        while ((c = getopt(argc, argv, "HmqTu")) != -1) {
Index: usr.bin/whois/whois.c
===================================================================
RCS file: /cvs/src/usr.bin/whois/whois.c,v
retrieving revision 1.48
diff -u -p -u -r1.48 whois.c
--- usr.bin/whois/whois.c       17 Aug 2015 10:48:10 -0000      1.48
+++ usr.bin/whois/whois.c       28 Sep 2015 20:15:11 -0000
@@ -138,6 +138,9 @@ main(int argc, char *argv[])
        if (!argc || (country != NULL && host != NULL))
                usage();
 
+       if (tame("stdio dns inet", NULL) == -1)
+               err(1, "tame");
+
        if (host == NULL && country == NULL && !(flags & WHOIS_QUICK))
                flags |= WHOIS_RECURSE;
        for (name = *argv; (name = *argv) != NULL; argv++)
Index: usr.bin/yes/yes.c
===================================================================
RCS file: /cvs/src/usr.bin/yes/yes.c,v
retrieving revision 1.8
diff -u -p -u -r1.8 yes.c
--- usr.bin/yes/yes.c   27 Oct 2009 23:59:50 -0000      1.8
+++ usr.bin/yes/yes.c   28 Sep 2015 20:15:11 -0000
@@ -30,11 +30,15 @@
  * SUCH DAMAGE.
  */
 
+#include <unistd.h>
 #include <stdio.h>
 
 int
 main(int argc, char *argv[])
 {
+       if (tame("stdio", NULL) == -1)
+               perror("tame");
+
        if (argc > 1)
                for (;;)
                        puts(argv[1]);
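Review bot: A failed tame() is only reported here: `perror("tame")` returns and the output loop below then runs with no restriction at all, whereas the other programs in this diff exit through `err(1, "tame")`. The sandbox setup should fail closed, for example `if (tame("stdio", NULL) == -1) { perror("tame"); return 1; }`, or include `<err.h>` and use `err(1, "tame");` like the rest. main continues past the end of the hunk.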
Index: usr.sbin/acpidump/acpidump.c
===================================================================
RCS file: /cvs/src/usr.sbin/acpidump/acpidump.c,v
retrieving revision 1.12
diff -u -p -u -r1.12 acpidump.c
--- usr.sbin/acpidump/acpidump.c        4 Sep 2015 05:58:40 -0000       1.12
+++ usr.sbin/acpidump/acpidump.c        28 Sep 2015 20:15:11 -0000
@@ -269,7 +269,6 @@ acpi_find_rsd_ptr(void)
        u_int8_t        buf[sizeof(struct ACPIrsdp)];
        u_long          addr;
 
-       acpi_user_init();
        if ((addr = bios_acpi_addr()) != 0) {
                lseek(acpi_mem_fd, addr, SEEK_SET);
                read(acpi_mem_fd, buf, 16);
@@ -532,6 +531,11 @@ asl_dump_from_devmem(void)
 
        snprintf(name, sizeof(name), "%s.headers", aml_dumpfile);
 
+       acpi_user_init();
+
+       if (tame("stdio wpath cpath", NULL) == -1)
+               err(1, "tame");
+
        rp = acpi_find_rsd_ptr();
        if (!rp)
                errx(1, "Can't find ACPI information");
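Review bot: With `acpi_user_init()` moved here, `acpi_find_rsd_ptr()` no longer sets up the state it reads (`acpi_mem_fd` in the previous hunk) and silently depends on its caller's ordering. Any other caller of acpi_find_rsd_ptr() outside these hunks would now seek and read on a descriptor that was never opened. A comment at the new call, such as `/* must precede tame(): sets up acpi_mem_fd for acpi_find_rsd_ptr() */`, would record the dependency; what acpi_user_init() actually opens is not shown here, so the wording needs confirming.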
@@ -566,10 +570,14 @@ main(int argc, char *argv[])
        char            c;
 
        while ((c = getopt(argc, argv, "o:")) != -1) {
-               if (c == 'o')
+               switch (c) {
+               case 'o':
                        aml_dumpfile = optarg;
-               else
+                       break;
+               default:
                        usage();
+                       break;
+               }
        }
 
        if (aml_dumpfile == NULL)
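Review bot: The rewritten option loop still stores getopt()'s result in `char c`, declared just above it. getopt() returns int, and on platforms where plain char is unsigned the comparison with -1 can never be true, so the loop would not terminate; declaring `int c;` fixes that. The `break` after `usage()` is only reachable if usage() returns, which is not visible in this hunk.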
Index: usr.sbin/arp/arp.c
===================================================================
RCS file: /cvs/src/usr.sbin/arp/arp.c,v
retrieving revision 1.64
diff -u -p -u -r1.64 arp.c
--- usr.sbin/arp/arp.c  3 Jun 2015 08:10:53 -0000       1.64
+++ usr.sbin/arp/arp.c  28 Sep 2015 20:15:11 -0000
@@ -160,8 +160,12 @@ main(int argc, char *argv[])
                func = F_GET;
        rtn = 0;
 
+       getsocket();
+
        switch (func) {
        case F_GET:
+               if (tame("stdio dns inet", NULL) == -1)
+                       err(1, "tame");
                if (aflag && argc == 0)
                        dump();
                else if (!aflag && argc == 1)
@@ -177,6 +181,8 @@ main(int argc, char *argv[])
                rtn = set(argc, argv) ? 1 : 0;
                break;
        case F_DELETE:
+               if (tame("stdio dns inet", NULL) == -1)
+                       err(1, "tame");
                if (aflag && argc == 0)
                        search(0, nuke_entry);
                else if (!aflag && argc == 1)
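Review bot: Only the F_GET and F_DELETE cases call tame(); the case between them that ends in `rtn = set(argc, argv) ? 1 : 0;` runs with no restriction, and nothing in the diff says whether that is deliberate. If set() needs more than `stdio dns inet`, it should get its own request string, or at least a marker such as `/* XXX not tamed yet: set() needs more than dns/inet */`. getsocket() is now called ahead of the switch for every value of func, so the cases outside these hunks should be checked for ones that previously never opened the socket.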
@@ -278,7 +284,6 @@ set(int argc, char *argv[])
        sin = &sin_m;
        rtm = &(m_rtmsg.m_rtm);
 
-       getsocket();
        argc -= 2;
        argv += 2;
        sdl_m = blank_sdl;              /* struct copy */
@@ -408,7 +413,6 @@ delete(const char *host, const char *inf
 
        if (info && strncmp(info, "pro", 3) )
                export_only = 1;
-       getsocket();
        sin_m = blank_sin;              /* struct copy */
        if (getinetaddr(host, &sin->sin_addr) == -1)
                return (1);
Index: usr.sbin/authpf/authpf.c
===================================================================
RCS file: /cvs/src/usr.sbin/authpf/authpf.c,v
retrieving revision 1.123
diff -u -p -u -r1.123 authpf.c
--- usr.sbin/authpf/authpf.c    21 Jan 2015 21:50:32 -0000      1.123
+++ usr.sbin/authpf/authpf.c    28 Sep 2015 20:15:11 -0000
@@ -148,6 +148,9 @@ main(int argc, char *argv[])
 
        login_close(lc);
 
+       if (tame("stdio wpath", NULL) == -1)
+               err(1, "tame");
+
        if (strcmp(shell, PATH_AUTHPF_SHELL) &&
            strcmp(shell, PATH_AUTHPF_SHELL_NOIP)) {
                syslog(LOG_ERR, "wrong shell for user %s, uid %u",
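Review bot: A tame failure is reported with `err()`, which writes to stderr, while the very next check reports through `syslog(LOG_ERR, ...)`; a failure to enter the sandbox should land in the same log, e.g. `syslog(LOG_ERR, "tame: %m");` followed by the exit path main already uses. Separately, `stdio wpath` only allows writing to files that already exist; the rest of main is outside the hunk, and anything it later does beyond that (creating or removing files, device ioctls, starting helper programs) would end the user's session, so the request string needs checking against the full function.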
Index: usr.sbin/bgpd/rde.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
retrieving revision 1.339
diff -u -p -u -r1.339 rde.c
--- usr.sbin/bgpd/rde.c 21 Sep 2015 09:47:15 -0000      1.339
+++ usr.sbin/bgpd/rde.c 28 Sep 2015 20:15:11 -0000
@@ -30,6 +30,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <err.h>
 
 #include "bgpd.h"
 #include "mrt.h"
@@ -185,6 +186,9 @@ rde_main(int debug, int verbose)
            setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
            setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
                fatal("can't drop privileges");
+
+       if (tame("malloc unix cmsg", NULL) == -1)
+               err(1, "tame");
 
        signal(SIGTERM, rde_sighdlr);
        signal(SIGINT, rde_sighdlr);
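Review bot: The tame failure path uses `err(1, "tame")` although the check directly above reports through the daemon's own `fatal("can't drop privileges")`. In a privilege-separated child, stderr may no longer reach anyone, so the one message that says the sandbox was not applied is likely to be lost; `fatal("tame");` keeps it in the daemon's log and makes the added `#include <err.h>` unnecessary. The same applies to the hunks in bgpd session.c, httpd logger.c, ntpd ntp.c and ntp_dns.c, and relayd ca.c, which all show `fatal()` in their context lines. rde_main starts and ends outside the hunk.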
Index: usr.sbin/bgpd/session.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/session.c,v
retrieving revision 1.340
diff -u -p -u -r1.340 session.c
--- usr.sbin/bgpd/session.c     4 Aug 2015 14:46:38 -0000       1.340
+++ usr.sbin/bgpd/session.c     28 Sep 2015 20:15:11 -0000
@@ -219,6 +219,9 @@ session_main(int debug, int verbose)
            setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
                fatal("can't drop privileges");
 
+       if (tame("malloc inet cmsg", NULL) == -1)
+               err(1, "tame");
+
        signal(SIGTERM, session_sighdlr);
        signal(SIGINT, session_sighdlr);
        signal(SIGPIPE, SIG_IGN);
Index: usr.sbin/httpd/httpd.c
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/httpd.c,v
retrieving revision 1.39
diff -u -p -u -r1.39 httpd.c
--- usr.sbin/httpd/httpd.c      20 Aug 2015 13:00:23 -0000      1.39
+++ usr.sbin/httpd/httpd.c      29 Sep 2015 09:34:57 -0000
@@ -247,6 +247,9 @@ main(int argc, char *argv[])
 
        setproctitle("parent");
 
+       if (tame("malloc inet cmsg cpath rpath wpath proc ioctl", NULL) == -1)
+               err(1, "tame");
+
        event_init();
 
        signal_set(&ps->ps_evsigint, SIGINT, parent_sig_handler, ps);
Index: usr.sbin/httpd/logger.c
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/logger.c,v
retrieving revision 1.13
diff -u -p -u -r1.13 logger.c
--- usr.sbin/httpd/logger.c     20 Aug 2015 13:00:23 -0000      1.13
+++ usr.sbin/httpd/logger.c     28 Sep 2015 20:15:11 -0000
@@ -26,6 +26,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <err.h>
 #include <fcntl.h>
 #include <imsg.h>
 
@@ -70,6 +71,9 @@ logger_shutdown(void)
 void
 logger_init(struct privsep *ps, struct privsep_proc *p, void *arg)
 {
+       if (tame("malloc cmsg", NULL) == -1)
+               err(1, "tame");
+
        if (config_init(ps->ps_env) == -1)
                fatal("failed to initialize configuration");
 
Index: usr.sbin/httpd/server.c
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/server.c,v
retrieving revision 1.80
diff -u -p -u -r1.80 server.c
--- usr.sbin/httpd/server.c     11 Sep 2015 13:21:09 -0000      1.80
+++ usr.sbin/httpd/server.c     28 Sep 2015 20:15:11 -0000
@@ -38,6 +38,7 @@
 #include <string.h>
 #include <syslog.h>
 #include <unistd.h>
+#include <err.h>
 #include <event.h>
 #include <imsg.h>
 #include <tls.h>
@@ -243,6 +244,14 @@ server_init(struct privsep *ps, struct p
 
        /* Unlimited file descriptors (use system limits) */
        socket_rlimit(-1);
+
+       /*
+        * XXX "inet" and "unix" are only needed for fcgi
+        * however if fcgi is used or not can change on config reload
+        * should we re-fork the children and tame again on reload
+        */
+       if (tame("malloc cmsg rpath proc inet unix ioctl", NULL) == -1)
+               err(1, "tame");
 
 #if 0
        /* Schedule statistics timer */
Index: usr.sbin/ntpd/ntp.c
===================================================================
RCS file: /cvs/src/usr.sbin/ntpd/ntp.c,v
retrieving revision 1.135
diff -u -p -u -r1.135 ntp.c
--- usr.sbin/ntpd/ntp.c 14 Aug 2015 02:00:18 -0000      1.135
+++ usr.sbin/ntpd/ntp.c 28 Sep 2015 20:15:11 -0000
@@ -30,6 +30,7 @@
 #include <string.h>
 #include <time.h>
 #include <unistd.h>
+#include <err.h>
 #include <tls.h>
 
 #include "ntpd.h"
@@ -164,6 +165,10 @@ ntp_main(int pipe_prnt[2], int fd_ctl, s
                fatal("can't drop privileges");
 
        endservent();
+
+       /* XXX "dns" for constraint.c, which is forked off wrong parent? */
+       if (tame("stdio inet dns proc", NULL) == -1)
+               err(1, "tame");
 
        signal(SIGTERM, ntp_sighdlr);
        signal(SIGINT, ntp_sighdlr);
Index: usr.sbin/ntpd/ntp_dns.c
===================================================================
RCS file: /cvs/src/usr.sbin/ntpd/ntp_dns.c,v
retrieving revision 1.10
diff -u -p -u -r1.10 ntp_dns.c
--- usr.sbin/ntpd/ntp_dns.c     24 Mar 2015 18:25:27 -0000      1.10
+++ usr.sbin/ntpd/ntp_dns.c     28 Sep 2015 20:15:11 -0000
@@ -90,6 +90,9 @@ ntp_dns(int pipe_ntp[2], struct ntpd_con
                fatal(NULL);
        imsg_init(ibuf_dns, pipe_ntp[1]);
 
+       if (tame("dns rw", NULL) == -1)
+               err(1, "tame");
+
        while (quit_dns == 0) {
                pfd[0].fd = ibuf_dns->fd;
                pfd[0].events = POLLIN;
Index: usr.sbin/ntpd/ntpd.c
===================================================================
RCS file: /cvs/src/usr.sbin/ntpd/ntpd.c,v
retrieving revision 1.94
diff -u -p -u -r1.94 ntpd.c
--- usr.sbin/ntpd/ntpd.c        18 Jul 2015 00:53:44 -0000      1.94
+++ usr.sbin/ntpd/ntpd.c        28 Sep 2015 20:15:11 -0000
@@ -196,6 +196,10 @@ main(int argc, char *argv[])
        setproctitle("[priv]");
        readfreq();
 
+//     XXX missing: adjtime() to change time
+//     if (tame("stdio unix proc", NULL) == -1)
+//             err(1, "tame");
+
        signal(SIGTERM, sighdlr);
        signal(SIGINT, sighdlr);
        signal(SIGHUP, sighdlr);
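Review bot: The tame call is added as `//`-commented statements, so the `[priv]` parent stays unrestricted and the file gains dead code. A block comment that states the gap is clearer than disabled statements, e.g. `/* XXX no tame() yet: no request covers adjtime() */`. If the call is kept for later, an `#if 0` block matches what httpd server.c already uses elsewhere in this diff. main continues outside the hunk.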
@@ -564,6 +568,9 @@ ctl_main(int argc, char *argv[])
                errx(1, "ctl socket name too long");
        if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1)
                err(1, "connect: %s", sockname);
+
+       if (tame("stdio", NULL) != 0)
+               err(1, "tame");
 
        if ((ibuf_ctl = malloc(sizeof(struct imsgbuf))) == NULL)
                err(1, NULL);
Index: usr.sbin/relayd/ca.c
===================================================================
RCS file: /cvs/src/usr.sbin/relayd/ca.c,v
retrieving revision 1.13
diff -u -p -u -r1.13 ca.c
--- usr.sbin/relayd/ca.c        2 May 2015 13:15:24 -0000       1.13
+++ usr.sbin/relayd/ca.c        28 Sep 2015 20:15:11 -0000
@@ -23,6 +23,7 @@
 #include <unistd.h>
 #include <string.h>
 #include <stdlib.h>
+#include <err.h>
 #include <imsg.h>
 
 #include <openssl/bio.h>
@@ -73,6 +74,9 @@ ca(struct privsep *ps, struct privsep_pr
 void
 ca_init(struct privsep *ps, struct privsep_proc *p, void *arg)
 {
+       if (tame("malloc rw cmsg", NULL) == -1)
+               err(1, "tame");
+
        if (config_init(ps->ps_env) == -1)
                fatal("failed to initialize configuration");
 
Index: usr.sbin/syslogd/syslogd.c
===================================================================
RCS file: /cvs/src/usr.sbin/syslogd/syslogd.c,v
retrieving revision 1.190
diff -u -p -u -r1.190 syslogd.c
--- usr.sbin/syslogd/syslogd.c  29 Sep 2015 03:19:23 -0000      1.190
+++ usr.sbin/syslogd/syslogd.c  29 Sep 2015 03:42:24 -0000
@@ -593,6 +593,9 @@ main(int argc, char *argv[])
        if (priv_init(ConfFile, NoDNS, lockpipe[1], nullfd, argv) < 0)
                errx(1, "unable to privsep");
 
+       if (tame("malloc rpath unix inet cmsg", NULL) == -1)
+               err(1, "tame");
+
        /* Process is now unprivileged and inside a chroot */
        event_init();
 
Index: usr.sbin/tcpdump/privsep.c
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/privsep.c,v
retrieving revision 1.35
diff -u -p -u -r1.35 privsep.c
--- usr.sbin/tcpdump/privsep.c  21 Aug 2015 02:07:32 -0000      1.35
+++ usr.sbin/tcpdump/privsep.c  28 Sep 2015 20:15:11 -0000
@@ -281,6 +281,8 @@ priv_init(int argc, char **argv)
                case PRIV_INIT_DONE:
                        test_state(cmd, STATE_RUN);
                        impl_init_done(socks[0], &bpfd);
+                       if (tame("malloc cmsg inet ioctl dns rpath", NULL) == -1)
+                               err(1, "tame");
                        break;
                case PRIV_GETHOSTBYADDR:
                        test_state(cmd, STATE_RUN);
Index: usr.sbin/tcpdump/tcpdump.c
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.c,v
retrieving revision 1.72
diff -u -p -u -r1.72 tcpdump.c
--- usr.sbin/tcpdump/tcpdump.c  14 Jul 2015 20:23:40 -0000      1.72
+++ usr.sbin/tcpdump/tcpdump.c  28 Sep 2015 20:15:11 -0000
@@ -490,6 +490,8 @@ main(int argc, char **argv)
        if (tflag > 0)
                thiszone = gmt2local(0);
 
+       if (tame("stdio", NULL) == -1)
+               err(1, "tame");
 
        if (pcap_loop(pd, cnt, printer, pcap_userdata) < 0) {
                (void)fprintf(stderr, "%s: pcap_loop: %s\n",
Index: usr.sbin/traceroute/traceroute.c
===================================================================
RCS file: /cvs/src/usr.sbin/traceroute/traceroute.c,v
retrieving revision 1.141
diff -u -p -u -r1.141 traceroute.c
--- usr.sbin/traceroute/traceroute.c    30 Aug 2015 22:10:57 -0000      1.141
+++ usr.sbin/traceroute/traceroute.c    28 Sep 2015 20:15:11 -0000
@@ -844,6 +844,14 @@ main(int argc, char *argv[])
            sizeof(datalen)) < 0)
                err(6, "SO_SNDBUF");
 
+       if (nflag) {
+               if (tame("stdio inet", NULL) == -1)
+                       err(1, "tame");
+       } else {
+               if (tame("stdio inet dns", NULL) == -1)
+                       err(1, "tame");
+       }
+
        if (getnameinfo(to, to->sa_len, hbuf,
            sizeof(hbuf), NULL, 0, NI_NUMERICHOST))
                strlcpy(hbuf, "(invalid)", sizeof(hbuf));
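Review bot: The two branches differ only in the request string, so the failure path is written twice; `if (tame(nflag ? "stdio inet" : "stdio inet dns", NULL) == -1)` followed by a single `err(1, "tame");` does the same with one exit path. A short comment that `dns` is left out because `-n` disables name lookups would explain the split; that reading of nflag is inferred from its name and should be confirmed against the option parsing outside the hunk.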
