Ah, right. OK deraadt
Ricardo Mestre <mestre.open...@sapo.pt> wrote:
> the semantics should be to call unveil on something before the NULL,NULL
> otherwise nothing will get unveiled, maybe bob disagrees? :)
>
> regarding the weird behaviour well there are other programs with the same
> issue, see pfctl, it accepts several configs but only stops loading if one
> of them is bogus.
>
> On 10:21 Sat 23 Oct , Theo de Raadt wrote:
> > But the -f file is opened above your proposed unveil() addition. So I think
> > you only need unveil(NULL,NULL).
> >
> > While here, I see a different weird problem:
> >
> > stty -f file -f dsaf -f dsaf -f sadf -f asdf -f sadf
> >
> > You can pass lots of -f options, and stty will leak them the fd's. I
> > suspect it can hit the fd limit before it hits the argv limit. Anyways
> > just a strange behaviour.
> >
> >
> > Ricardo Mestre <mestre.open...@sapo.pt> wrote:
> >
> > > stty(1) can't be pledged for all modes, but it can be unveiled. the only
> > > file to
> > > be opened is on stty -f `file', so call unveil(2) afterwards to restrict
> > > all fs
> > > access. tested with all arguments through ktrace/kdump.
> > >
> > > ok?
> > >
> > > Index: stty.c
> > > ===================================================================
> > > RCS file: /cvs/src/bin/stty/stty.c,v
> > > retrieving revision 1.21
> > > diff -u -p -u -r1.21 stty.c
> > > --- stty.c 28 Jun 2019 13:35:00 -0000 1.21
> > > +++ stty.c 23 Oct 2021 15:52:46 -0000
> > > @@ -82,6 +82,11 @@ main(int argc, char *argv[])
> > > args: argc -= optind;
> > > argv += optind;
> > >
> > > + if (unveil("/", "") == -1)
> > > + err(1, "unveil /");
> > > + if (unveil(NULL, NULL) == -1)
> > > + err(1, "unveil");
> > > +
> > > if (ioctl(i.fd, TIOCGETD, &i.ldisc) == -1)
> > > err(1, "TIOCGETD");
> > >
> > >
> >
>
