On Tue, Sep 25, 2018 at 05:25:54PM +0200, Sebastien Marie wrote:
> On Tue, Sep 25, 2018 at 11:15:43PM +0800, Michael Mikonos wrote:
> > On Tue, Sep 25, 2018 at 03:22:38PM +0100, Ricardo Mestre wrote:
> > > This is an example of better to start at just hoisting the code that
> > > opens the many fds and put them all inside open_files(). After that it's
> > > just a matter of calling pledge("stdio") and we are done.
> > > 
> > > Of course that after this is done we can still make a list of all the
> > > files we need to open and unveil them, but not the way it's done here.
> > > 
> > > Once I get back home from $DAYJOB I'll try to have a look at this.
> > 
> > After open_files() the wpath pledge can be dropped. rpath is still
> > needed because /tmp files are reopened for read in output(). cpath
> > is needed because /tmp files are unlinked at the end. This patch
> > adds a pledge call, but is it better to just move the first pledge()
> > down?
> > 
> 
> you could try with the "tmppath" promise. It will allow opening/creating
> files on /tmp and unlinking them (but not sure it will cover all yacc
> need as it is designed for mkstemp(3) family). Unveil for such
> operations are fine too, without explicit unveil(2) call.
> 

Ah, I see what you mean. pledging "tmppath" is kind of like unveil
because the allowed operations only work under /tmp.
It's possible to do this after calling open_files() because the only
files (re)opened later are in /tmp.


Index: main.c
===================================================================
RCS file: /cvs/src/usr.bin/yacc/main.c,v
retrieving revision 1.29
diff -u -p -u -r1.29 main.c
--- main.c      25 May 2017 20:11:03 -0000      1.29
+++ main.c      25 Sep 2018 15:38:18 -0000
@@ -346,12 +346,16 @@ open_files(void)
 int
 main(int argc, char *argv[])
 {
-       if (pledge("stdio rpath wpath cpath", NULL) == -1)
+       if (pledge("stdio rpath wpath cpath tmppath", NULL) == -1)
                fatal("pledge: invalid arguments");
 
        set_signals();
        getargs(argc, argv);
        open_files();
+
+       if (pledge("stdio rpath tmppath", NULL) == -1)
+               fatal("pledge: invalid arguments");
+
        reader();
        lr0();
        lalr();
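
Review bot: the second pledge() call, placed after open_files(), drops "cpath" even though the earlier message in this thread says cpath is needed because the /tmp files are unlinked at the end. The reduced set "stdio rpath tmppath" therefore relies on "tmppath" to cover both the reopen for read in output() and the final unlink, and the reply that suggested tmppath was not sure it covers everything yacc needs. Please confirm with a run that reaches output() and the cleanup path under the reduced promises, and add a short comment above the call saying why "rpath" and "tmppath" remain. If tmppath turns out to cover the reopen on its own, consider dropping "rpath" as well, since the message states the only files (re)opened later are in /tmp.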
