Hi,
If input_name is provided we can unveil it with read permissions, if
output_name is provided we need to unveil this one with rwc. Additionally
depending on the different combinations of if these files are passed via args
or from stdin/to stdout we can also pledge accordingly to the code path. This
has been tested succefully with bdf fonts we have bundled in xenocara.
Since I have several other X apps unveiled and/or pledged could you please
comment not only with the unveil/pledge part, but also err vs fprintf/exit, the
placement of the #includes and also tabs vs spaces?
Index: bdftopcf.c
===================================================================
RCS file: /cvs/xenocara/app/bdftopcf/bdftopcf.c,v
retrieving revision 1.5
diff -u -p -u -r1.5 bdftopcf.c
--- bdftopcf.c 29 Mar 2018 20:34:30 -0000 1.5
+++ bdftopcf.c 24 Oct 2018 10:15:41 -0000
@@ -38,7 +38,9 @@ from The Open Group.
#include "fntfil.h"
#include "bdfint.h"
#include "pcf.h"
+#include <err.h>
#include <stdio.h>
+#include <unistd.h>
#include <X11/Xos.h>
int
@@ -158,6 +160,26 @@ main(int argc, char *argv[])
}
argv++;
}
+
+ if (input_name) {
+ if (unveil(input_name, "r") == -1)
+ err(1, "unveil");
+ }
+ if (output_name) {
+ if (unveil(output_name, "rwc") == -1)
+ err(1, "unveil");
+ if (pledge("stdio rpath wpath cpath", NULL) == -1)
+ err(1, "pledge");
+ }
+ if (input_name && !output_name) {
+ if (pledge("stdio rpath", NULL) == -1)
+ err(1, "pledge");
+ }
+ if (!input_name && !output_name) {
+ if (pledge("stdio", NULL) == -1)
+ err(1, "pledge");
+ }
+
if (input_name) {
input = FontFileOpen(input_name);
if (!input) {
