Diffstat (limited to 'util')
-rw-r--r--util/libreboot-utils/lib/string.c9
-rw-r--r--util/libreboot-utils/mkhtemp.c20
-rw-r--r--util/libreboot-utils/nvmutil.c65
3 files changed, 15 insertions, 79 deletions
diff --git a/util/libreboot-utils/lib/string.c b/util/libreboot-utils/lib/string.c
index 986c7b8e..dd11c039 100644
--- a/util/libreboot-utils/lib/string.c
+++ b/util/libreboot-utils/lib/string.c
@@ -294,12 +294,6 @@ err_no_cleanup(int stfu, int nvm_errval, const char *msg, ...)
int saved_errno = errno;
const char *p;
-#if defined(__OpenBSD__) && defined(OpenBSD)
-#if (OpenBSD) >= 509
- if (pledge("stdio", NULL) == -1)
- fprintf(stderr, "pledge failure during exit");
-#endif
-#endif
if (!errno)
saved_errno = errno = ECANCELED;
@@ -363,6 +357,8 @@ lbgetprogname(char *argv0)
return progname;
}
+/* https://man.openbsd.org/pledge.2
+ https://man.openbsd.org/unveil.2 */
int
xpledgex(const char *promises, const char *execpromises)
{
@@ -375,7 +371,6 @@ xpledgex(const char *promises, const char *execpromises)
errno = saved_errno;
return 0;
}
-
int
xunveilx(const char *path, const char *permissions)
{
diff --git a/util/libreboot-utils/mkhtemp.c b/util/libreboot-utils/mkhtemp.c
index 7564800a..32a967d1 100644
--- a/util/libreboot-utils/mkhtemp.c
+++ b/util/libreboot-utils/mkhtemp.c
@@ -19,10 +19,6 @@
#define _GNU_SOURCE 1
#endif
-#ifdef __OpenBSD__
-#include <sys/param.h> /* pledge(2) */
-#endif
-
#include <sys/types.h>
#include <sys/stat.h>
@@ -66,13 +62,8 @@ main(int argc, char *argv[])
if (lbgetprogname(argv[0]) == NULL)
err_no_cleanup(stfu, errno, "could not set progname");
-/* https://man.openbsd.org/pledge.2 */
-#if defined(__OpenBSD__) && defined(OpenBSD)
-#if (OpenBSD) >= 509
- if (pledge("stdio flock rpath wpath cpath", NULL) == -1)
- goto err_usage;
-#endif
-#endif
+ /* https://man.openbsd.org/pledge.2 */
+ xpledgex("stdio flock rpath wpath cpath", NULL);
while ((c =
getopt(argc, argv, "qdp:")) != -1) {
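Review bot: The result of `xpledgex("stdio flock rpath wpath cpath", NULL)` is discarded here, whereas the removed code jumped to `err_usage` when pledge(2) failed. xpledgex is declared `int` and its body is not shown in this diff, so these lines do not tell whether a failed pledge still stops the program; if the wrapper only reports the error, mkhtemp would carry on without the sandbox. Either test the result, e.g. `if (xpledgex("stdio flock rpath wpath cpath", NULL) != 0) goto err_usage;`, or state in a comment at the call that xpledgex itself exits on failure. The same applies to `xpledgex("stdio", NULL)` in the later mkhtemp.c hunk and to every xpledgex/xunveilx call added in nvmutil.c. main's body continues outside the hunk.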
@@ -134,12 +125,7 @@ main(int argc, char *argv[])
tmpdir, template) < 0)
err_no_cleanup(stfu, errno, "%s", s);
-#if defined(__OpenBSD__) && defined(OpenBSD)
-#if (OpenBSD) >= 509
- if (pledge("stdio", NULL) == -1)
- err_no_cleanup(stfu, errno, "pledge, exit");
-#endif
-#endif
+ xpledgex("stdio", NULL);
if (s == NULL)
err_no_cleanup(stfu, EFAULT, "bad string initialisation");
diff --git a/util/libreboot-utils/nvmutil.c b/util/libreboot-utils/nvmutil.c
index 0eed440c..d78ab0c8 100644
--- a/util/libreboot-utils/nvmutil.c
+++ b/util/libreboot-utils/nvmutil.c
@@ -6,12 +6,6 @@
* These images configure your Intel Gigabit Ethernet adapter.
*/
-#ifdef __OpenBSD__
-/* for pledge/unveil test:
- */
-#include <sys/param.h>
-#endif
-
#include <sys/types.h>
#include <sys/stat.h>
@@ -38,25 +32,8 @@ main(int argc, char *argv[])
if (lbgetprogname(argv[0]) == NULL)
err_no_cleanup(0, errno, "could not set progname");
-/* https://man.openbsd.org/pledge.2
- https://man.openbsd.org/unveil.2 */
-#if defined(__OpenBSD__) && defined(OpenBSD)
-#if (OpenBSD) >= 604
- if (pledge("stdio flock rpath wpath cpath unveil", NULL) == -1)
- err_no_cleanup(0, errno, "pledge plus unveil, main");
-#if defined(USE_URANDOM) && \
- ((USE_URANDOM) > 0)
- if (unveil("/dev/null", "r") == -1)
- err_no_cleanup(0, errno, "unveil r: /dev/null");
-#else
- if (unveil("/dev/urandom", "r") == -1)
- err_no_cleanup(0, errno, "unveil r: /dev/urandom");
-#endif
-#elif (OpenBSD) >= 509
- if (pledge("stdio flock rpath wpath cpath", NULL) == -1)
- err_no_cleanup(0, errno, "pledge, main");
-#endif
-#endif
+ xpledgex("stdio flock rpath wpath cpath unveil", NULL);
+ xunveilx("/dev/urandom", "r");
#ifndef S_ISREG
err_no_cleanup(0, ECANCELED,
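Review bot: The added `xunveilx("/dev/urandom", "r")` is unconditional, while the removed block picked between `/dev/null` and `/dev/urandom` according to `USE_URANDOM`. The removed block also requested the `unveil` promise only for `(OpenBSD) >= 604`, falling back to a pledge without it for 5.9 and later. Unless xpledgex and xunveilx reproduce that gating internally (their bodies are not in this diff), a build that does not read /dev/urandom now has a path unveiled that it never opens. A kernel without unveil(2) would presumably reject the `unveil` promise as well. If dropping both conditions is intended, say so in a comment above these two calls; otherwise keep the `USE_URANDOM` test around the xunveilx call. main's body continues outside the hunk.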
@@ -66,9 +43,7 @@ main(int argc, char *argv[])
err_no_cleanup(0, ECANCELED, "Unsupported char size");
#endif
- x = xstart(argc, argv);
-
- if (x == NULL)
+ if ((x = xstart(argc, argv)) == NULL)
err_no_cleanup(0, ECANCELED, "NULL state on init");
/* parse user command */
@@ -79,38 +54,18 @@ main(int argc, char *argv[])
cmd = &x->cmd[x->i];
f = &x->f;
-/* https://man.openbsd.org/pledge.2
- https://man.openbsd.org/unveil.2 */
-#if defined(__OpenBSD__) && defined(OpenBSD)
-#if (OpenBSD) >= 604
+ if ((cmd->flags & O_ACCMODE) == O_RDONLY)
+ xunveilx(f->fname, "r");
+ else
+ xunveilx(f->fname, "rwc");
- if ((us.cmd[i].flags & O_ACCMODE) == O_RDONLY) {
- if (unveil(us.f.fname, "r") == -1)
- b0rk(errno, "%s: unveil r", us.f.fname);
- } else {
- if (unveil(us.f.fname, "rwc") == -1)
- b0rk(errno, "%s: unveil rw", us.f.fname);
- }
-
- if (unveil(us.f.tname, "rwc") == -1)
- b0rk(errno, "unveil rwc: %s", us.f.tname);
-
- if (unveil(NULL, NULL) == -1)
- b0rk(errno, "unveil block (rw)");
-
- if (pledge("stdio flock rpath wpath cpath", NULL) == -1)
- b0rk(errno, "pledge (kill unveil)");
-
-#elif (OpenBSD) >= 509
- if (pledge("stdio flock rpath wpath cpath", NULL) == -1)
- b0rk(errno, "pledge");
-#endif
-#endif
+ xunveilx(f->tname, "rwc");
+ xunveilx(NULL, NULL);
+ xpledgex("stdio flock rpath wpath cpath", NULL);
if (cmd->run == NULL)
b0rk(errno, "Command not set");
-
sanitize_command_list();
open_gbe_file();
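Review bot: The order of these five calls is what makes the sandbox hold, but the hunk deletes the only comment that pointed at pledge(2) and unveil(2) and adds nothing in its place. A short comment above the `if` would keep a later edit from reordering them, for example `/* unveil f->fname and f->tname, lock the list with xunveilx(NULL, NULL), then re-pledge without "unveil" so no path can be added afterwards */`. It would also be worth noting there why `f->tname` gets "rwc" even when the command is `O_RDONLY`, since the first branch narrows only `f->fname`. main's body continues outside the hunk.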