Gregor Best writes:
> Hi people,
>
> inspired by someone on Hackernews talking about how hard it would be to
> properly pledge an editor, here's a patch to pledge Vi and Ex.

I'd like to investigate the ideas you mentioned: disabling proc/exec with
-S and making -R actually read-only. But both of those would require
some significant changes--so let's start sending patches and discussing
them, but first I want to get this pledge (equivalent to mg's) in ASAP.
I've been using this for a few days now. Anything I missed? Tests? oks?

Index: common/main.c
===================================================================
RCS file: /cvs/src/usr.bin/vi/common/main.c,v
retrieving revision 1.26
diff -u -p -r1.26 main.c
--- common/main.c 20 Nov 2014 08:50:53 -0000 1.26
+++ common/main.c 14 Nov 2015 15:47:09 -0000
@@ -55,6 +55,11 @@ editor(GS *gp, int argc, char *argv[])
int ch, flagchk, lflag, secure, startup, readonly, rval, silent;
char *tag_f, *wsizearg, path[256];
+ if (pledge("stdio rpath wpath cpath fattr getpw proc exec tty", NULL)
== -1) {
+ perror("pledge");
+ goto err;
+ }
+
static const char *optstr[3] = {
#ifdef DEBUG
"c:D:FlRrSsT:t:vw:",
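
Review bot: The pledge() block lands in the middle of editor()'s declarations: it follows the `int ch, flagchk, ...` and `char *tag_f, ...` lines but precedes `static const char *optstr[3]`, so a statement now comes before a declaration. Moving the block below the last declaration keeps the declarations together. The added `if (pledge(...` line is also wrapped in the mail, leaving `== -1) {` on a line of its own without a `+`, so the diff will not apply as sent. Since `goto err` is taken before anything else in the function has run, please confirm the err path does not depend on state that is set up later; the label is not visible in this hunk.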