Hello!
Here is a patch with a pledge bugfix in netcat and some minor style
improvements.
An example of how to trigger the bug:
$ nc -Ptest -v -c blog.tintagel.pl 443
nc: pledge: Operation not permitted
Credits to:
* awolk@ for drawing attention to netcat.
* Juuso Lapinlampi for suggesting to alphabetically order the #includes.
* rajak for pointing out the missing space in the error message.
* brynet for pledge style improvements.
Index: usr.bin/nc/netcat.c
===================================================================
RCS file: /cvs/src/usr.bin/nc/netcat.c,v
retrieving revision 1.178
diff -u -p -u -p -r1.178 netcat.c
--- usr.bin/nc/netcat.c 9 Mar 2017 13:58:00 -0000 1.178
+++ usr.bin/nc/netcat.c 9 Jun 2017 21:16:25 -0000
@@ -53,8 +53,8 @@
#include <stdlib.h>
#include <string.h>
#include <time.h>
-#include <unistd.h>
#include <tls.h>
+#include <unistd.h>
#include "atomicio.h"
#define PORT_MAX 65535
@@ -340,7 +340,7 @@ main(int argc, char *argv[])
} else if (pledge("stdio inet dns sendfd", NULL) == -1)
err(1, "pledge");
} else if (Pflag) {
- if (pledge("stdio inet dns tty", NULL) == -1)
+ if (pledge("stdio rpath inet dns tty", NULL) == -1)
err(1, "pledge");
} else if (usetls) {
if (pledge("stdio rpath inet dns", NULL) == -1)
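Review bot: The `Pflag` branch now promises `rpath` for every `-P` invocation, although the only visible need for it is the later re-pledge under `usetls`, which cannot add a promise the first call left out. That leaves a plain, non-TLS `-P` session able to read the filesystem for the rest of its lifetime, which it does not appear to need. Consider scoping the wider promise to TLS by splitting the branch: `} else if (Pflag && usetls) {` with `"stdio rpath inet dns tty"`, followed by `} else if (Pflag) {` keeping the original `"stdio inet dns tty"`. main() starts and ends outside this hunk, so confirm against the full function that no other `-P` path relies on `rpath`.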
@@ -461,9 +461,9 @@ main(int argc, char *argv[])
if (usetls) {
if (Pflag) {
- if (pledge("stdio inet dns tty rpath", NULL) == -1)
+ if (pledge("stdio rpath inet dns tty", NULL) == -1)
err(1, "pledge");
- } else if (pledge("stdio inet dns rpath", NULL) == -1)
+ } else if (pledge("stdio rpath inet dns", NULL) == -1)
err(1, "pledge");
if (tls_init() == -1)
@@ -492,7 +492,7 @@ main(int argc, char *argv[])
if (TLSopt & TLS_NOVERIFY) {
if (tls_expecthash != NULL)
errx(1, "-H and -T noverify may not be used"
- "together");
+ " together");
tls_config_insecure_noverifycert(tls_cfg);
}
if (TLSopt & TLS_MUSTSTAPLE)