authorLeah Rowe <leah@libreboot.org>2023-06-03 20:03:18 +0100
committerLeah Rowe <leah@libreboot.org>2023-06-03 21:03:21 +0100
commit94aa43d85750c676450e7ae0e29c06c861a126f8 (patch)
tree2374bfe984c62d435f104d51aa3a19fc0e9f85a1
parentdb63fcffb5ba30f7a0ed74ba9b437957592e6cb9 (diff)
util/nvmutil: call unveil earlier, and harden
The mentality behind pledge and unveil is that you should think ahead, so that large parts of code can run under extremely tight restrictions. The pledge calls have been adjusted accordingly, also. Disallow all unveil calls after the gbe file and the file /dev/urandom have been unveiled. Signed-off-by: Leah Rowe <leah@libreboot.org>
-rw-r--r--util/nvmutil/nvmutil.c17
1 files changed, 11 insertions, 6 deletions
diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c
index e9eda943..2af10373 100644
--- a/util/nvmutil/nvmutil.c
+++ b/util/nvmutil/nvmutil.c
@@ -7,12 +7,19 @@ int
main(int argc, char *argv[])
{
xpledge("stdio rpath wpath unveil", NULL);
+ xunveil("/dev/urandom", "r");
err_if((errno = argc < 3 ? EINVAL : errno));
if ((flags = (strcmp(COMMAND, "dump") == 0) ? O_RDONLY : flags)
- == O_RDONLY)
- xpledge("stdio rpath unveil", NULL);
+ == O_RDONLY) {
+ xunveil(FILENAME, "r");
+ xpledge("stdio rpath", NULL);
+ } else {
+ xunveil(FILENAME, "rw");
+ xpledge("stdio rpath wpath", NULL);
+ }
openFiles(FILENAME);
xpledge("stdio", NULL);
+
for (int i = 0; i < 6; i++)
if (strcmp(COMMAND, op[i].str) == 0)
if ((cmd = argc >= op[i].args ? op[i].cmd : NULL))
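Review bot: The lockdown in main() depends on statement order that nothing in the code records: both xunveil() calls must run before the xpledge() that omits "unveil", and openFiles() must run before the final `xpledge("stdio", NULL);`. A short comment above the if/else would keep a later edit from reordering them, for example `/* unveil before this pledge: dropping "unveil" freezes the visible path list */`. The xpledge/xunveil wrappers are defined outside this hunk, so this assumes they abort on failure; if they can return silently, the tightened promises are not guaranteed to be in force. main's body continues past the end of the hunk.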
@@ -23,9 +30,10 @@ main(int argc, char *argv[])
err_if((errno = (!((part = PARTNUM[0] - '0') == 0 || part == 1))
|| PARTNUM[1] ? EINVAL : errno));
err_if((errno = (cmd == NULL) ? EINVAL : errno));
- readGbeFile(FILENAME);
+ readGbeFile(FILENAME);
(*cmd)();
+
if ((gbeFileModified) && (flags != O_RDONLY))
writeGbeFile(FILENAME);
err_if((errno != 0) && (cmd != &cmd_dump));
@@ -41,9 +49,6 @@ openFiles(const char *path)
err(errno = ECANCELED, "File `%s` not 8KiB", path);
xopen(rfd, "/dev/urandom", O_RDONLY);
errno = errno != ENOTDIR ? errno : 0;
- xunveil("/dev/urandom", "r");
- if (flags != O_RDONLY)
- xunveil(path, "w");
}
void