On Fri, May 04, 2018 at 09:03:38AM +0200, Alexandre Ratchov wrote:
> Thanks. The promise list to use audio and/or midi is in the
> sio_open(2) man page, so the following seem to be needed: stdio,
> audio, rpath, wpath, cpath, unix, inet, dns.
>
> aucat could be pledged() since the very beginning; imho this makes
> sense as the "risky" part is slot_new(), when file headers are parsed.
>
Ah! You're right, I've only been able to test this again the local
sndiod(8). I moved the inital pledge to the top but kept the one for
offline mode. I'm not sure if pledge is meant to be used so far down in
a program, but I drop all pledges except stdio and audio once
sio_open(2) is finished.
Regards,
Jesper Wallin
Index: aucat.c
===================================================================
RCS file: /cvs/src/usr.bin/aucat/aucat.c,v
retrieving revision 1.172
diff -u -p -r1.172 aucat.c
--- aucat.c 7 Nov 2017 11:39:24 -0000 1.172
+++ aucat.c 4 May 2018 09:41:58 -0000
@@ -14,6 +14,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#include <err.h>
#include <errno.h>
#include <limits.h>
#include <poll.h>
@@ -1160,6 +1161,8 @@ playrec(char *dev, int mode, int bufsz,
if (!dev_open(dev, mode, bufsz, port))
return 0;
+ if (pledge("stdio audio", NULL) == -1)
+ err(1, "pledge");
n = sio_nfds(dev_sh);
if (dev_mh)
n += mio_nfds(dev_mh);
@@ -1364,6 +1367,9 @@ main(int argc, char **argv)
int n_flag, c;
long long pos;
+ if (pledge("stdio rpath wpath cpath inet unix dns audio", NULL) == -1)
+ err(1, "pledge");
+
vol = 127;
dup = 0;
bufsz = 0;
@@ -1461,6 +1467,8 @@ main(int argc, char **argv)
log_puts("both -i and -o required\n");
return 1;
}
+ if (pledge("stdio rpath wpath cpath", NULL) == -1)
+ err(1, "pledge");
if (!offline())
return 1;
} else {
