Re: tighten pledge(2) a little further on spamdb(8)

Thu, 26 Jul 2018 09:42:44 -0700 

correct, still works only with stdio.

if/else can go away and we can just callpledge stdio unconditionally.

Index: spamdb.c
===================================================================
RCS file: /cvs/src/usr.sbin/spamdb/spamdb.c,v
retrieving revision 1.34
diff -u -p -u -r1.34 spamdb.c
--- spamdb.c    29 Oct 2017 19:11:34 -0000      1.34
+++ spamdb.c    26 Jul 2018 16:39:31 -0000
@@ -368,13 +368,8 @@ main(int argc, char **argv)
                    action ? "writing" : "reading");
        }
 
-       if (action == 0) {
-               if (pledge("stdio rpath", NULL) == -1)
-                       err(1, "pledge");
-       } else {
-               if (pledge("stdio rpath wpath", NULL) == -1)
-                       err(1, "pledge");
-       }
+       if (pledge("stdio", NULL) == -1)
+               err(1, "pledge");
 
        switch (action) {
        case 0:

On 18:02 Thu 26 Jul     , Sebastien Marie wrote:
> On Thu, Jul 26, 2018 at 03:40:52PM +0100, Ricardo Mestre wrote:
> > Hi,
> > 
> > After the DB is already opened we won't need to read it anymore so rpath
> > can go away, we still just need wpath in the case we are adding/removing
> > entries in the DB.
> > 
> 
> I am a bit unsure with spamdb code, but it seems to me that the sole
> open(2) call in the program is done by dbopen() ? and all db* functions
> (dbupdate(), dbprint(), ...) are read(2) or write(2) on the opened file
> descriptor ?
> 
> 'rpath' or 'wpath' doesn't forbid read(2) or write(2) calls. They forbids
> the opening of a new descriptor with O_RD or O_WR respectively.
> 
> Here, once dbopen() is called, you should be able to pledge("stdio",
> NULL), and dbupdate() should still work.
> 
> please let me know if it isn't the case.
> 
> > 
> > Index: spamdb.c
> > ===================================================================
> > RCS file: /cvs/src/usr.sbin/spamdb/spamdb.c,v
> > retrieving revision 1.34
> > diff -u -p -u -r1.34 spamdb.c
> > --- spamdb.c        29 Oct 2017 19:11:34 -0000      1.34
> > +++ spamdb.c        26 Jul 2018 14:36:58 -0000
> > @@ -369,10 +369,10 @@ main(int argc, char **argv)
> >     }
> >  
> >     if (action == 0) {
> > -           if (pledge("stdio rpath", NULL) == -1)
> > +           if (pledge("stdio", NULL) == -1)
> >                     err(1, "pledge");
> >     } else {
> > -           if (pledge("stdio rpath wpath", NULL) == -1)
> > +           if (pledge("stdio wpath", NULL) == -1)
> >                     err(1, "pledge");
> >     }
> > 
> 
> -- 
> Sebastien Marie

Reply via email to