author | Leah Rowe <leah@libreboot.org> | 2023-06-03 20:03:18 +0100 |
---|---|---|
committer | Leah Rowe <leah@libreboot.org> | 2023-06-03 21:03:21 +0100 |
commit | 94aa43d85750c676450e7ae0e29c06c861a126f8 (patch) | |
tree | 2374bfe984c62d435f104d51aa3a19fc0e9f85a1 | |
parent | db63fcffb5ba30f7a0ed74ba9b437957592e6cb9 (diff) |
util/nvmutil: call unveil earlier, and harden
The mentality behind pledge and unveil is that you should
think ahead, so that large parts of code can run under
extremely tight restrictions.
The pledge calls have been adjusted accordingly, also.
Disallow all unveil calls after the gbe file and the
file /dev/urandom have been unveiled.
Signed-off-by: Leah Rowe <leah@libreboot.org>
-rw-r--r-- | util/nvmutil/nvmutil.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c
index e9eda943..2af10373 100644
--- a/util/nvmutil/nvmutil.c
+++ b/util/nvmutil/nvmutil.c
@@ -7,12 +7,19 @@ int
 main(int argc, char *argv[])
 {
 xpledge("stdio rpath wpath unveil", NULL);
+ xunveil("/dev/urandom", "r");
 err_if((errno = argc < 3 ? EINVAL : errno));
 if ((flags = (strcmp(COMMAND, "dump") == 0) ? O_RDONLY : flags)
- == O_RDONLY)
- xpledge("stdio rpath unveil", NULL);
+ == O_RDONLY) {
+ xunveil(FILENAME, "r");
+ xpledge("stdio rpath", NULL);
+ } else {
+ xunveil(FILENAME, "rw");
+ xpledge("stdio rpath wpath", NULL);
+ }
 openFiles(FILENAME);
 xpledge("stdio", NULL);
+
 for (int i = 0; i < 6; i++)
 if (strcmp(COMMAND, op[i].str) == 0)
 if ((cmd = argc >= op[i].args ? op[i].cmd : NULL))
@@ -23,9 +30,10 @@ main(int argc, char *argv[])
 err_if((errno = (!((part = PARTNUM[0] - '0') == 0 || part == 1))
 || PARTNUM[1] ? EINVAL : errno));
 err_if((errno = (cmd == NULL) ? EINVAL : errno));
- readGbeFile(FILENAME);
 
+ readGbeFile(FILENAME);
 (*cmd)();
+
 if ((gbeFileModified) && (flags != O_RDONLY))
 writeGbeFile(FILENAME);
 err_if((errno != 0) && (cmd != &cmd_dump));
@@ -41,9 +49,6 @@ openFiles(const char *path)
 err(errno = ECANCELED, "File `%s` not 8KiB", path);
 xopen(rfd, "/dev/urandom", O_RDONLY);
 errno = errno != ENOTDIR ? errno : 0;
- xunveil("/dev/urandom", "r");
- if (flags != O_RDONLY)
- xunveil(path, "w");
 }
 
 void |
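Review bot: Nothing in the first hunk (main) records that leaving `unveil` out of the two narrowed promise strings, `"stdio rpath"` and `"stdio rpath wpath"`, is the step that locks the unveil list, so a later edit that puts `unveil` back into either string would quietly undo the hardening the commit message describes. A comment above the if/else would pin it, e.g. `/* no "unveil" promise from here on: the unveil list is locked */`. Separately, `xunveil("/dev/urandom", "r")` runs before the command is known, so the `dump` path keeps that device visible too; whether dump needs randomness is not visible here, and openFiles() opens it unconditionally, so narrowing that would touch code outside this hunk. main() continues past the end of the hunk.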