On Tue, Sep 25, 2018 at 03:22:38PM +0100, Ricardo Mestre wrote:
> This is an example of better to start at just hoisting the code that
> opens the many fds and put them all inside open_files(). After that it's
> just a matter of calling pledge("stdio") and we are done.
>
> Of course that after this is done we can still make a list of all the files
> we need to open and unveil them, but not the way it's done here.
>
> Once I get back home from $DAYJOB I'll try to have a look at this.
After open_files() the wpath pledge can be dropped. rpath is still
needed because /tmp files are reopened for read in output(). cpath
is needed because /tmp files are unlinked at the end. This patch
adds a pledge call, but is it better to just move the first pledge()
down?
Index: main.c
===================================================================
RCS file: /cvs/src/usr.bin/yacc/main.c,v
retrieving revision 1.29
diff -u -p -u -r1.29 main.c
--- main.c 25 May 2017 20:11:03 -0000 1.29
+++ main.c 25 Sep 2018 15:07:35 -0000
@@ -352,6 +352,10 @@ main(int argc, char *argv[])
set_signals();
getargs(argc, argv);
open_files();
+
+ if (pledge("stdio rpath cpath", NULL) == -1)
+ fatal("pledge: invalid arguments");
+
reader();
lr0();
lalr();
