unveil of _PATH_DEVDB "/var/run/dev.db" can be done before pledge for

use by ttyname, no other files are accessed after that.
2025-01-10 06:47:55 -08:00 · 2018-08-03 06:55:41 +00:00 · 2018-08-03 06:55:41 +00:00 · ed3a953df5
commit ed3a953df5
parent 4d5b013993
1 changed files with 7 additions and 4 deletions
--- a/usr.bin/tty/tty.c
+++ b/usr.bin/tty/tty.c
@ -1,4 +1,4 @@
-/*	$OpenBSD: tty.c,v 1.10 2015/10/12 19:56:47 naddy Exp $	*/
+/*	$OpenBSD: tty.c,v 1.11 2018/08/03 06:55:41 deraadt Exp $	*/
 /*	$NetBSD: tty.c,v 1.4 1994/12/07 00:46:57 jtc Exp $	*/

 /*
@ -33,6 +33,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <paths.h>
 #include <err.h>

 static void usage(void);
@ -43,9 +44,6 @@ main(int argc, char *argv[])
 	int ch, sflag;
 	char *t;

-	if (pledge("stdio rpath", NULL) == -1)
-		err(1, "pledge");
-
 	sflag = 0;
 	while ((ch = getopt(argc, argv, "s")) != -1) {
 		switch(ch) {
@ -59,6 +57,11 @@ main(int argc, char *argv[])
 		}
 	}

+	if (unveil(_PATH_DEVDB, "r") == -1)
+		err(1, "unveil");
+	if (pledge("stdio rpath", NULL) == -1)
+		err(1, "pledge");
+
 	t = ttyname(STDIN_FILENO);
 	if (!sflag)
 		puts(t ? t : "not a tty");