Ricardo Mestre
2016-02-01 07:59:21 UTC
Hi tech@,
Please find below a pledge(2) for talk(1)/talkd(8)
talkd(8):
rpath: fopen(3) _PATH_UTMP in read mode
wpath/cpath: fopen(3) full_tty in write mode (w), which implies O_CREAT
inet/dns: the intervening hosts in the conversation may be remote, or not, but
since we can never know that beforehand, it'll always need inet and dns to
resolve the hostnames
talk(1):
At the beginning the largest pledge is the following:
rpath: read /etc/hosts (gethostbyname(3)) and /etc/services (getservbyname(3))
inet/dns: talk may need to connect to a remote host and resolve it
getpw: if getlogin(2) fails then it needs getpwuid(3) as a fallback
tty: this is a typical tty application, so it'll always need this annotation
Then just before the application main loop check if the talk is with local user
so it only needs "stdio tty", if it's remote then it needs "stdio inet tty".
Comments?
Index: libexec/talkd/talkd.c
===================================================================
RCS file: /cvs/src/libexec/talkd/talkd.c,v
retrieving revision 1.24
diff -u -p -u -r1.24 talkd.c
--- libexec/talkd/talkd.c 1 Feb 2016 07:25:51 -0000 1.24
+++ libexec/talkd/talkd.c 1 Feb 2016 07:48:42 -0000
@@ -81,6 +81,11 @@ main(int argc, char *argv[])
signal(SIGALRM, timeout);
alarm(TIMEOUT);
+ if (pledge("stdio rpath wpath cpath inet dns", NULL) == -1) {
+ syslog(LOG_ERR, "pledge: %m");
+ _exit(1);
+ }
+
for (;;) {
CTL_RESPONSE response;
socklen_t len = sizeof(response.addr);
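Review bot: The `cpath` promise in the added `pledge()` call looks wider than talkd needs. By the description it is held only because `fopen(3)` of `full_tty` in "w" mode implies `O_CREAT`, yet a tty device already exists and never has to be created. Opening it with `open(2)` and `O_WRONLY` (no `O_CREAT`), then wrapping the descriptor with `fdopen(3)`, would let the string shrink to `"stdio rpath wpath inet dns"`, so a compromised daemon could no longer create files. That `fopen` call and the rest of `main` lie outside this hunk, so confirm that no other path depends on file creation before dropping the promise.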
Index: usr.bin/talk/talk.c
===================================================================
RCS file: /cvs/src/usr.bin/talk/talk.c,v
retrieving revision 1.10
diff -u -p -u -r1.10 talk.c
--- usr.bin/talk/talk.c 1 Feb 2016 07:29:25 -0000 1.10
+++ usr.bin/talk/talk.c 1 Feb 2016 07:48:48 -0000
@@ -35,6 +35,7 @@
#include <unistd.h>
#include "talk.h"
+#include "talk_ctl.h"
/*
* talk: A visual form of write. Using sockets, a two way
@@ -53,6 +54,9 @@
int
main(int argc, char *argv[])
{
+ if (pledge("stdio rpath inet dns getpw tty", NULL) == -1)
+ err(1, "pledge");
+
get_names(argc, argv);
init_display();
open_ctl();
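Review bot: The initial `pledge()` at the top of `main` carries no comment recording why each promise is held, so the rationale lives only in the mail. A short comment above it, such as `/* rpath: hosts/services lookups; getpw: getpwuid(3) fallback; narrowed again before talk() */`, would keep the promise set auditable when someone later tightens it. `init_display()` runs after this call and presumably sets up the terminal, which may also read files under `rpath`; that is worth confirming and adding to the comment. `err(3)` is used here and `<err.h>` is not among the includes visible in the previous hunk, so check that it is pulled in.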
@@ -62,6 +66,15 @@ main(int argc, char *argv[])
invite_remote();
end_msgs();
set_edit_chars();
+
+ if (his_machine_addr.s_addr == my_machine_addr.s_addr) {
+ if (pledge("stdio tty", NULL) == -1)
+ err(1, "pledge");
+ } else {
+ if (pledge("stdio inet tty", NULL) == -1)
+ err(1, "pledge");
+ }
+
talk();
return (0);
}
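Review bot: The local branch drops `inet` based only on `his_machine_addr.s_addr == my_machine_addr.s_addr`, and nothing visible in the hunk shows that `talk()` and its exit and cleanup paths never perform a socket operation that needs `inet` in that case. A pledge violation kills the process, so a local session should be exercised through normal quit, interrupt and peer-disconnect paths before this goes in. A comment such as `/* local peer: the connection is already established, only stdio and tty are needed from here */` above the branch would record that assumption. The two arms also differ only in the promise string, so choosing the string first and making a single `pledge()` call would read more cleanly.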
Please find below a pledge(2) for talk(1)/talkd(8)
talkd(8):
rpath: fopen(3) _PATH_UTMP in read mode
wpath/cpath: fopen(3) full_tty in write mode (w), which implies O_CREAT
inet/dns: the intervening hosts in the conversation may be remote, or not, but
since we can never know that beforehand, it'll always need inet and dns to
resolve the hostnames
talk(1):
At the beginning the largest pledge is the following:
rpath: read /etc/hosts (gethostbyname(3)) and /etc/services (getservbyname(3))
inet/dns: talk may need to connect to a remote host and resolve it
getpw: if getlogin(2) fails then it needs getpwuid(3) as a fallback
tty: this is a typical tty application, so it'll always need this annotation
Then just before the application main loop check if the talk is with local user
so it only needs "stdio tty", if it's remote then it needs "stdio inet tty".
Comments?
Index: libexec/talkd/talkd.c
===================================================================
RCS file: /cvs/src/libexec/talkd/talkd.c,v
retrieving revision 1.24
diff -u -p -u -r1.24 talkd.c
--- libexec/talkd/talkd.c 1 Feb 2016 07:25:51 -0000 1.24
+++ libexec/talkd/talkd.c 1 Feb 2016 07:48:42 -0000
@@ -81,6 +81,11 @@ main(int argc, char *argv[])
signal(SIGALRM, timeout);
alarm(TIMEOUT);
+ if (pledge("stdio rpath wpath cpath inet dns", NULL) == -1) {
+ syslog(LOG_ERR, "pledge: %m");
+ _exit(1);
+ }
+
for (;;) {
CTL_RESPONSE response;
socklen_t len = sizeof(response.addr);
Index: usr.bin/talk/talk.c
===================================================================
RCS file: /cvs/src/usr.bin/talk/talk.c,v
retrieving revision 1.10
diff -u -p -u -r1.10 talk.c
--- usr.bin/talk/talk.c 1 Feb 2016 07:29:25 -0000 1.10
+++ usr.bin/talk/talk.c 1 Feb 2016 07:48:48 -0000
@@ -35,6 +35,7 @@
#include <unistd.h>
#include "talk.h"
+#include "talk_ctl.h"
/*
* talk: A visual form of write. Using sockets, a two way
@@ -53,6 +54,9 @@
int
main(int argc, char *argv[])
{
+ if (pledge("stdio rpath inet dns getpw tty", NULL) == -1)
+ err(1, "pledge");
+
get_names(argc, argv);
init_display();
open_ctl();
@@ -62,6 +66,15 @@ main(int argc, char *argv[])
invite_remote();
end_msgs();
set_edit_chars();
+
+ if (his_machine_addr.s_addr == my_machine_addr.s_addr) {
+ if (pledge("stdio tty", NULL) == -1)
+ err(1, "pledge");
+ } else {
+ if (pledge("stdio inet tty", NULL) == -1)
+ err(1, "pledge");
+ }
+
talk();
return (0);
}