On Fri, Jun 09, 2017 at 11:54:03PM +0200, Adam Wolk wrote:
> On Fri, Jun 09, 2017 at 09:28:29PM +0000, [email protected] wrote:
> > Hello!
> > 
> > Here is a patch with a pledge bugfix in netcat and some minor style
> > improvements.
> > 
> > An example of how to trigger the bug:
> > 
> > $ nc -Ptest -v -c blog.tintagel.pl 443
> > nc: pledge: Operation not permitted
> > 
> > credits to
> > * awolk@ for drawing attention to netcat.
> > * Juuso Lapinlampi for suggesting to alphabetically order the #includes.
> > * rajak for pointing out the missing space in the error message.
> > * brynet for pledge style improvements.
> > 
> > 
> 
> OK awolk@ for the updated diff (I'm attaching it inline).

forgot the diff
Index: usr.bin/nc/netcat.c
===================================================================
RCS file: /cvs/src/usr.bin/nc/netcat.c,v
retrieving revision 1.178
diff -u -p -u -p -r1.178 netcat.c
--- usr.bin/nc/netcat.c 9 Mar 2017 13:58:00 -0000       1.178
+++ usr.bin/nc/netcat.c 9 Jun 2017 21:16:25 -0000
@@ -53,8 +53,8 @@
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
-#include <unistd.h>
 #include <tls.h>
+#include <unistd.h>
 #include "atomicio.h"
 
 #define PORT_MAX       65535
@@ -340,7 +340,7 @@ main(int argc, char *argv[])
                } else if (pledge("stdio inet dns sendfd", NULL) == -1)
                        err(1, "pledge");
        } else if (Pflag) {
-               if (pledge("stdio inet dns tty", NULL) == -1)
+               if (pledge("stdio rpath inet dns tty", NULL) == -1)
                        err(1, "pledge");
        } else if (usetls) {
                if (pledge("stdio rpath inet dns", NULL) == -1)
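Review bot: The `Pflag` branch now grants `rpath` on every `-P` run, including plain-TCP ones, because it sits ahead of the `else if (usetls)` branch and does not test `usetls` itself. The reported failure is the TLS case (`-c`), where the later `pledge("stdio rpath inet dns tty", NULL)` under `if (usetls)` cannot regain a promise the first call dropped, so presumably only that case needs read access to the file system. To keep least privilege, select the promise set on `usetls`, e.g. `if (pledge(usetls ? "stdio rpath inet dns tty" : "stdio inet dns tty", NULL) == -1)`. A one-line comment such as `/* rpath is kept only so the later TLS pledge can still request it */` would help the next reader. main() starts and ends outside the hunk, so whether any other `-P` path reads files is not visible here.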
@@ -461,9 +461,9 @@ main(int argc, char *argv[])
 
        if (usetls) {
                if (Pflag) {
-                       if (pledge("stdio inet dns tty rpath", NULL) == -1)
+                       if (pledge("stdio rpath inet dns tty", NULL) == -1)
                                err(1, "pledge");
-               } else if (pledge("stdio inet dns rpath", NULL) == -1)
+               } else if (pledge("stdio rpath inet dns", NULL) == -1)
                        err(1, "pledge");
 
                if (tls_init() == -1)
@@ -492,7 +492,7 @@ main(int argc, char *argv[])
                if (TLSopt & TLS_NOVERIFY) {
                        if (tls_expecthash != NULL)
                                errx(1, "-H and -T noverify may not be used"
-                                   "together");
+                                   " together");
                        tls_config_insecure_noverifycert(tls_cfg);
                }
                if (TLSopt & TLS_MUSTSTAPLE)
