the semantics should be to call unveil on something before the NULL,NULL otherwise nothing will get unveiled, maybe bob disagrees? :)
regarding the weird behaviour well there are other programs with the same issue, see pfctl, it accepts several configs but only stops loading if one of them is bogus. On 10:21 Sat 23 Oct , Theo de Raadt wrote: > But the -f file is opened above your proposed unveil() addition. So I think > you only need unveil(NULL,NULL). > > While here, I see a different weird problem: > > stty -f file -f dsaf -f dsaf -f sadf -f asdf -f sadf > > You can pass lots of -f options, and stty will leak them the fd's. I > suspect it can hit the fd limit before it hits the argv limit. Anyways > just a strange behaviour. > > > Ricardo Mestre <[email protected]> wrote: > > > stty(1) can't be pledged for all modes, but it can be unveiled. the only > > file to > > be opened is on stty -f `file', so call unveil(2) afterwards to restrict > > all fs > > access. tested with all arguments through ktrace/kdump. > > > > ok? > > > > Index: stty.c > > =================================================================== > > RCS file: /cvs/src/bin/stty/stty.c,v > > retrieving revision 1.21 > > diff -u -p -u -r1.21 stty.c > > --- stty.c 28 Jun 2019 13:35:00 -0000 1.21 > > +++ stty.c 23 Oct 2021 15:52:46 -0000 > > @@ -82,6 +82,11 @@ main(int argc, char *argv[]) > > args: argc -= optind; > > argv += optind; > > > > + if (unveil("/", "") == -1) > > + err(1, "unveil /"); > > + if (unveil(NULL, NULL) == -1) > > + err(1, "unveil"); > > + > > if (ioctl(i.fd, TIOCGETD, &i.ldisc) == -1) > > err(1, "TIOCGETD"); > > > > >
