Hello,

I haven't tried using unveil() before but yacc cleanly annotates
all the files it needs in open_files(). The options -d -r -v each
cause an extra file to be written. unveil() is only needed for
the input file if not reading from stdin. Temporary files are
always under /tmp because the TMPDIR environment variable was previously
removed. OK, or any suggestions?

- Michael


Index: main.c
===================================================================
RCS file: /cvs/src/usr.bin/yacc/main.c,v
retrieving revision 1.29
diff -u -p -u -r1.29 main.c
--- main.c      25 May 2017 20:11:03 -0000      1.29
+++ main.c      25 Sep 2018 03:43:23 -0000
@@ -305,10 +305,12 @@ open_files(void)
        create_file_names();
 
        if (input_file == 0) {
+               unveil(input_file_name, "r");
                input_file = fopen(input_file_name, "r");
                if (input_file == 0)
                        open_error(input_file_name);
        }
+       unveil("/tmp", "crw");
        fd = mkstemp(action_file_name);
        if (fd == -1 || (action_file = fdopen(fd, "w")) == NULL)
                open_error(action_file_name);
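Review bot: Both `unveil()` calls added in this hunk discard the return value, so a failed call goes unnoticed and yacc carries on with a filesystem view other than the one intended. The same applies to the calls added in the later hunks for `verbose_file_name`, `defines_file_name`, `output_file_name` and `code_file_name`, and to the final `unveil(NULL, NULL)`. Each call should be checked and treated as fatal, in the style the file already uses for pledge, e.g. `if (unveil(input_file_name, "r") == -1) fatal("unveil");` and `if (unveil("/tmp", "crw") == -1) fatal("unveil");`. The body of open_files() continues outside this hunk.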
@@ -318,11 +320,13 @@ open_files(void)
                open_error(text_file_name);
 
        if (vflag) {
+               unveil(verbose_file_name, "cw");
                verbose_file = fopen(verbose_file_name, "w");
                if (verbose_file == 0)
                        open_error(verbose_file_name);
        }
        if (dflag) {
+               unveil(defines_file_name, "cw");
                defines_file = fopen(defines_file_name, "w");
                if (defines_file == NULL)
                        open_write_error(defines_file_name);
@@ -330,23 +334,26 @@ open_files(void)
                if (fd == -1 || (union_file = fdopen(fd, "w")) == NULL)
                        open_error(union_file_name);
        }
+       unveil(output_file_name, "cw");
        output_file = fopen(output_file_name, "w");
        if (output_file == 0)
                open_error(output_file_name);
 
        if (rflag) {
+               unveil(code_file_name, "cw");
                code_file = fopen(code_file_name, "w");
                if (code_file == 0)
                        open_error(code_file_name);
        } else
                code_file = output_file;
+       unveil(NULL, NULL);
 }
 
 
 int
 main(int argc, char *argv[])
 {
-       if (pledge("stdio rpath wpath cpath", NULL) == -1)
+       if (pledge("stdio rpath wpath cpath unveil", NULL) == -1)
                fatal("pledge: invalid arguments");
 
        set_signals();
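Review bot: The `unveil(NULL, NULL);` at the end of open_files() has no comment stating the invariant it relies on, namely that every path yacc touches afterwards is either already open or under an unveiled location. I would add one above the call, such as `/* Lock the unveil list: all inputs/outputs are open, only /tmp temporaries remain reachable. */`. That invariant cannot be confirmed from the hunk alone, because the rest of main() is outside it. The pledge in main() now keeps the "unveil" promise for the whole run; if open_files() really is the only caller, a follow-up pledge without "unveil" after it returns would make the end of the setup phase explicit.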
