Ah, right. OK deraadt
Ricardo Mestre <mestre.open...@sapo.pt> wrote: > the semantics should be to call unveil on something before the NULL,NULL > otherwise nothing will get unveiled, maybe bob disagrees? :) > > regarding the weird behaviour well there are other programs with the same > issue, see pfctl, it accepts several configs but only stops loading if one > of them is bogus. > > On 10:21 Sat 23 Oct , Theo de Raadt wrote: > > But the -f file is opened above your proposed unveil() addition. So I think > > you only need unveil(NULL,NULL). > > > > While here, I see a different weird problem: > > > > stty -f file -f dsaf -f dsaf -f sadf -f asdf -f sadf > > > > You can pass lots of -f options, and stty will leak them the fd's. I > > suspect it can hit the fd limit before it hits the argv limit. Anyways > > just a strange behaviour. > > > > > > Ricardo Mestre <mestre.open...@sapo.pt> wrote: > > > > > stty(1) can't be pledged for all modes, but it can be unveiled. the only > > > file to > > > be opened is on stty -f `file', so call unveil(2) afterwards to restrict > > > all fs > > > access. tested with all arguments through ktrace/kdump. > > > > > > ok? > > > > > > Index: stty.c > > > =================================================================== > > > RCS file: /cvs/src/bin/stty/stty.c,v > > > retrieving revision 1.21 > > > diff -u -p -u -r1.21 stty.c > > > --- stty.c 28 Jun 2019 13:35:00 -0000 1.21 > > > +++ stty.c 23 Oct 2021 15:52:46 -0000 > > > @@ -82,6 +82,11 @@ main(int argc, char *argv[]) > > > args: argc -= optind; > > > argv += optind; > > > > > > + if (unveil("/", "") == -1) > > > + err(1, "unveil /"); > > > + if (unveil(NULL, NULL) == -1) > > > + err(1, "unveil"); > > > + > > > if (ioctl(i.fd, TIOCGETD, &i.ldisc) == -1) > > > err(1, "TIOCGETD"); > > > > > > > > >