diff options
| author | Leah Rowe <leah@libreboot.org> | 2023-06-03 19:39:37 +0100 |
|---|---|---|
| committer | Leah Rowe <leah@libreboot.org> | 2023-06-03 19:44:14 +0100 |
| commit | db63fcffb5ba30f7a0ed74ba9b437957592e6cb9 (patch) | |
| tree | 572f06f0b3a0939f39501ff60c6b1393ba3b0abe /util | |
| parent | dbd6defe9a02da1161f3cbd6348e643afe8beb9e (diff) | |
util/nvmutil: hardening: reduce pledges earlier
also remove wpath if using the dump command
Signed-off-by: Leah Rowe <leah@libreboot.org>
Diffstat (limited to 'util')
| -rw-r--r-- | util/nvmutil/nvmutil.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c index 905ca708..e9eda943 100644 --- a/util/nvmutil/nvmutil.c +++ b/util/nvmutil/nvmutil.c @@ -7,6 +7,12 @@ int main(int argc, char *argv[]) { xpledge("stdio rpath wpath unveil", NULL); + err_if((errno = argc < 3 ? EINVAL : errno)); + if ((flags = (strcmp(COMMAND, "dump") == 0) ? O_RDONLY : flags) + == O_RDONLY) + xpledge("stdio rpath unveil", NULL); + openFiles(FILENAME); + xpledge("stdio", NULL); for (int i = 0; i < 6; i++) if (strcmp(COMMAND, op[i].str) == 0) if ((cmd = argc >= op[i].args ? op[i].cmd : NULL)) @@ -16,8 +22,7 @@ main(int argc, char *argv[]) else if ((cmd != NULL) && (argc > 3)) err_if((errno = (!((part = PARTNUM[0] - '0') == 0 || part == 1)) || PARTNUM[1] ? EINVAL : errno)); - err_if((errno = (!cmd) ? EINVAL : errno)); - openFiles(FILENAME); + err_if((errno = (cmd == NULL) ? EINVAL : errno)); readGbeFile(FILENAME); (*cmd)(); @@ -31,7 +36,7 @@ void openFiles(const char *path) { struct stat st; - xopen(fd, path, flags = (cmd == cmd_dump) ? O_RDONLY : flags); + xopen(fd, path, flags); if ((st.st_size != SIZE_8KB)) err(errno = ECANCELED, "File `%s` not 8KiB", path); xopen(rfd, "/dev/urandom", O_RDONLY); @@ -39,7 +44,6 @@ openFiles(const char *path) xunveil("/dev/urandom", "r"); if (flags != O_RDONLY) xunveil(path, "w"); - xpledge("stdio", NULL); } void |