authorLeah Rowe <leah@libreboot.org>2023-05-31 08:02:46 +0100
committerLeah Rowe <leah@libreboot.org>2023-05-31 08:02:46 +0100
commitc2cd191676f5b491324d29484148c557dad548a5 (patch)
treebe3b83047623444bd82f778a4a75e400d0dfd1b3
parentc759a7a0952556b078caf9c756f5db543efaabda (diff)
util/nvmutil: Harden pledge promises
After reading a file, remove rpath. When removing rpath, also remove wpath if flags are not to O_RDONLY (read-only disk operation). When wpath is permitted, and a file was successfully written, remove wpath. In order to permit /dev/urandom access in rhex(), I call it as a void just before re-calling pledge. The rhex() function has been written in such a way that /dev/urandom only needs to be read *once*. Signed-off-by: Leah Rowe <leah@libreboot.org>
-rw-r--r--util/nvmutil/nvmutil.c18
1 files changed, 11 insertions, 7 deletions
diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c
index 9702ff0b..524e678e 100644
--- a/util/nvmutil/nvmutil.c
+++ b/util/nvmutil/nvmutil.c
@@ -124,6 +124,11 @@ main(int argc, char *argv[])
skipread[part ^ 1] = (cmd == &cmd_copy) |
(cmd == &cmd_setchecksum) | (cmd == &cmd_brick);
readGbeFile(&fd, FILENAME, flags, nr);
+ (void)rhex();
+ if (flags == O_RDONLY)
+ xpledge("stdio", NULL);
+ else
+ xpledge("stdio wpath", NULL);
if (strMac != NULL)
cmd_setmac(strMac); /* nvm gbe.bin setmac */
else if (cmd != NULL)
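Review bot: The `(void)rhex()` call discards one random nibble, and nothing at the call site says it exists to open and fill from /dev/urandom before rpath is pledged away, so a later reader may delete it as dead code; a comment would fix that, e.g. `/* prime rhex(): open /dev/urandom and fill its buffer now, before rpath is dropped */`. Whether that open still succeeds depends on readGbeFile() not having already pledged down to "stdio": the `xpledge("stdio", NULL)` added in the last hunk sits after a `close(*fd)` under a `next_part:` label and may belong to the writer instead, which is worth confirming on a host where pledge(2) is real. main() continues outside the hunk.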
@@ -219,18 +224,16 @@ hextonum(char ch)
uint8_t
rhex(void)
{
- static int rfd = -1;
- static uint64_t rnum = 0;
- if (rnum == 0) {
+ static int rfd = -1, n = 0;
+ static uint8_t rnum[16];
+ if (!n) {
if (rfd == -1)
if ((rfd = open("/dev/urandom", O_RDONLY)) == -1)
err(errno, "/dev/urandom");
- if (read(rfd, (uint8_t *) &rnum, 8) == -1)
+ if (read(rfd, (uint8_t *) &rnum, (n = 15) + 1) == -1)
err(errno, "/dev/urandom");
}
- uint8_t rval = (uint8_t) (rnum & 0xf);
- rnum >>= 4;
- return rval;
+ return rnum[n--] & 0xf;
}
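Review bot: The refill in rhex() checks read() only for -1, so a short read of /dev/urandom leaves the tail of `rnum` stale and it is then handed out as random nibbles; compare the byte count instead: `ssize_t r = read(rfd, rnum, sizeof rnum);` followed by `if (r != (ssize_t)sizeof rnum) err(r == -1 ? errno : EIO, "/dev/urandom");`. Separately, `n = 15` paired with `rnum[n--]` consumes indexes 15..1 and triggers a refill when n reaches 0, so `rnum[0]` is never used and each read yields 15 nibbles rather than 16; `n = 16` with `return rnum[--n] & 0xf;` uses all of them. The refill itself only needs read(2) on the already-open descriptor, which a "stdio" pledge still permits, so the "read once" property in the commit message is a convenience rather than a sandbox requirement — a one-line comment saying so would help. If portability allows, `arc4random_buf(rnum, sizeof rnum)` on OpenBSD would remove both the descriptor and the priming call in main().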
void
@@ -366,6 +369,7 @@ next_part:
}
if (close((*fd)))
err(errno, "%s", filename);
+ xpledge("stdio", NULL);
}
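Review bot: The `xpledge("stdio", NULL)` added after the close() has no comment explaining which promise it is dropping or why it is safe here, and the function's start is outside the hunk so the reader cannot see whether this is the read or the write path; a short comment would make the intent checkable, e.g. `/* file closed: no further filesystem access needed, so keep only stdio */`. Presumably xpledge() is a no-op where pledge(2) does not exist, so the hardening applies only on OpenBSD — worth stating once in the file if it is not already.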
void