look(1) will access /usr/share/dict/words to look for the string we want, or it

may access another file instead if we mention it via argument. In order to know which file to unveil(2) we need to push down pledge(2) a little bit after getopt(3) and now that we know the name of the file we can unveil(2) it only with read permissions. OK deraadt@
2025-01-10 06:47:55 -08:00 · 2018-08-11 11:00:34 +00:00 · 2018-08-11 11:00:34 +00:00 · 0444232b42
commit 0444232b42
parent 0303d6a701
1 changed files with 6 additions and 4 deletions
--- a/usr.bin/look/look.c
+++ b/usr.bin/look/look.c
@ -1,4 +1,4 @@
-/*	$OpenBSD: look.c,v 1.21 2017/01/21 10:03:27 krw Exp $	*/
+/*	$OpenBSD: look.c,v 1.22 2018/08/11 11:00:34 mestre Exp $	*/
 /*	$NetBSD: look.c,v 1.7 1995/08/31 22:41:02 jtc Exp $	*/

 /*-
@ -77,9 +77,6 @@ main(int argc, char *argv[])
 	int ch, fd, termchar;
 	char *back, *file, *front, *string, *p;

-	if (pledge("stdio rpath", NULL) == -1)
-		err(1, "pledge");
-
 	file = _PATH_WORDS;
 	termchar = '\0';
 	while ((ch = getopt(argc, argv, "dft:")) != -1)
@ -113,6 +110,11 @@ main(int argc, char *argv[])
 		usage();
 	}

+	if (unveil(file, "r") == -1)
+		err(2, "unveil");
+	if (pledge("stdio rpath", NULL) == -1)
+		err(2, "pledge");
+
 	if (termchar != '\0' && (p = strchr(string, termchar)) != NULL)
 		*++p = '\0';