"Anthony J. Bentley" writes:
> Gregor Best writes:
> > @@ -229,6 +230,14 @@ editor(GS *gp, int argc, char *argv[])
> > }
> > if (LF_ISSET(SC_EX) && F_ISSET(gp, G_SCRIPTED))
> > silent =3D 1;
> > +
> > + if (secure) {
> > + if (pledge("stdio rpath wpath cpath fattr flock tty", NULL))
> > + err(1, "pledge");
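Review bot: the failure path on the err(1, "pledge") line exits directly from editor(), whereas the revised patch further down in this message reports with perror() and leaves through goto err; if this version is reworked it should take the same exit path. The promise string here also lacks getpw, which the revised call includes, so the two lists should be reconciled before either is committed.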
>
> I didn't include this chunk because currently even in -S mode you need
> proc/exec for cscope.

cscope is gone now, so this can be considered again.

vi uses the proc pledge for three reasons:

- uses kill() to suspend (^Z or :suspend)
- uses vfork() for filters (the ! command)
- uses vfork() for shell expansion

All three of these are disabled when the -S flag is set, so we can pledge
never to proc/exec in that case.

ok?

Index: common/main.c
===================================================================
RCS file: /cvs/src/usr.bin/vi/common/main.c,v
retrieving revision 1.28
diff -u -p -r1.28 main.c
--- common/main.c 15 Nov 2015 01:22:36 -0000 1.28
+++ common/main.c 19 Nov 2015 08:40:11 -0000
@@ -223,6 +223,11 @@ editor(GS *gp, int argc, char *argv[])
argc -= optind;
argv += optind;
+ if (secure && pledge("stdio rpath wpath cpath fattr flock getpw tty",
NULL) == -1) {
+ perror("pledge");
+ goto err;
+ }
+
/*
* -s option is only meaningful to ex.
*
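Review bot: the promise string in the added pledge() call includes getpw, which the earlier version quoted above did not, and neither the message nor the code says what needs it; a short comment above the call naming the consumer would make the list auditable. The same comment should record that omitting proc and exec depends on -S disabling suspend, filters and shell expansion, because re-enabling any of them in secure mode later would turn the kill() or vfork() call into a pledge violation. The check also sits directly after `argv += optind;`, so it only sees the value of secure at that point; if secure can be switched on later in the run, that path stays unpledged and is worth a second call or a note.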