On 2023/11/02 03:25:28 +0000, Klemens Nanni <kn@openbsd.org> wrote:
> Start with "rpath inet dns", drop "rpath" after config file is read.
> No files are created/written/modified, nothing is executed.
>
> dict.c first builds a list of commands and then works through it,
> meaning there is no up-front connection setup and network happens
> out of the processing loop, so no trivial way of dropping "inet dns"
> earlier.
>
> 'nm ./dict' shows 'U popen', but that comes from dictd(8) code in
> the common parse.c; removing it from parse.c and rebuilding dict
> works as expected and the symbol disappears, i.e. it isn't used.
>
> Feedback? OK?
ok op@
nit below
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-dict_c 1 Nov 2023 17:33:14 -0000
> @@ -0,0 +1,39 @@
> +pledge dict(1)
> +
> +Index: dict.c
> +--- dict.c.orig
> ++++ dict.c
> +@@ -22,6 +22,8 @@
> + #include "parse.h"
> + #include "md5.h"
> + #include <stdarg.h>
> ++#include <unistd.h>
> ++#include <err.h>
no need to include err.h
> + extern int yy_flex_debug;
> + lst_List dict_Servers;
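Review bot: the `<err.h>` include added in the dict.c include hunk looks unused, because the only failure path visible in this patch calls err_fatal_errno(), which is not one of the err(3)/warn(3) functions that header declares, so it can be dropped. Separately, `<unistd.h>` is added unconditionally while the pledge() call it serves sits under `#ifdef __OpenBSD__` in main(); guarding both or neither would keep the two hunks consistent.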
> +@@ -1375,6 +1377,11 @@ int main( int argc, char **argv )
> + dict_output = stdout;
> + dict_error = stderr;
> +
> ++#ifdef __OpenBSD__
> ++ if (pledge("stdio rpath inet dns", NULL) == -1)
> ++ err_fatal_errno(__func__, "pledge");
> ++
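Review bot: the pledge() call added in main() carries no comment saying why each promise in "stdio rpath inet dns" is needed, and that reasoning currently lives only in the mail. Suggest a short comment above the call recording that "rpath" is kept only until the config file is read and that "inet dns" has to stay because the network connections are made from the command processing loop, so a later reader does not narrow or widen the set by guesswork.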