From 6838db4647b600bf5b356429f54850bf801e7ba4 Mon Sep 17 00:00:00 2001 From: Leah Rowe Date: Fri, 20 Mar 2026 04:02:51 +0000 Subject: WIP: hardened mktemp i'm pretty much nearly there. still no dir support, only files. i won't keep amending now - will do more, then squash later. Signed-off-by: Leah Rowe --- util/nvmutil/nvmutil.c | 84 +++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 79 insertions(+), 5 deletions(-) (limited to 'util/nvmutil/nvmutil.c') diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c index 670b7110..cb08ec43 100644 --- a/util/nvmutil/nvmutil.c +++ b/util/nvmutil/nvmutil.c @@ -6,6 +6,12 @@ * These images configure your Intel Gigabit Ethernet adapter. */ +#ifdef __OpenBSD__ +/* for pledge/unveil test: + */ +#include +#endif + #include #include 
@@ -13,22 +19,88 @@ #include #include #include +#include #include +#include #include "include/common.h" int main(int argc, char *argv[]) { - struct xstate *x = xstatus(argc, argv); - struct commands *cmd = &x->cmd[x->i]; - struct xfile *f = &x->f; + struct xstate *x; + + struct commands *cmd; + struct xfile *f; + + size_t c; + +/* https://man.openbsd.org/pledge.2 + https://man.openbsd.org/unveil.2 */ +#if defined(__OpenBSD__) && defined(OpenBSD) +#if (OpenBSD) >= 604 + if (pledge("stdio flock rpath wpath cpath unveil", NULL) == -1) + err_no_cleanup(errno, "pledge plus unveil, main"); + if (unveil("/dev/null", "r") == -1) + err_no_cleanup(errno, "unveil r: /dev/null"); +#elif (OpenBSD) >= 509 + if (pledge("stdio flock rpath wpath cpath", NULL) == -1) + err_no_cleanup(errno, "pledge, main"); +#endif +#endif + +#ifndef S_ISREG + err_no_cleanup(ECANCELED, + "Can't determine file types (S_ISREG undefined)"); +#endif +#if ((CHAR_BIT) != 8) + err_no_cleanup(ECANCELED, "Unsupported char size"); +#endif + + x = xstart(argc, argv); + + if (x == NULL) + err_no_cleanup(ECANCELED, "NULL state on init"); - unsigned long c; + cmd = &x->cmd[x->i]; + f = &x->f; + +/* https://man.openbsd.org/pledge.2 + https://man.openbsd.org/unveil.2 */ +#if defined(__OpenBSD__) && defined(OpenBSD) +#if (OpenBSD) >= 604 + + if ((us.cmd[i].flags & O_ACCMODE) == O_RDONLY) { + if (unveil(us.f.fname, "r") == -1) + err(errno, "%s: unveil r", us.f.fname); + } else { + if (unveil(us.f.fname, "rwc") == -1) + err(errno, "%s: unveil rw", us.f.fname); + } + + if (unveil(us.f.tname, "rwc") == -1) + err(errno, "unveil rwc: %s", us.f.tname); + + if (unveil(NULL, NULL) == -1) + err(errno, "unveil block (rw)"); + + if (pledge("stdio flock rpath wpath cpath", NULL) == -1) + err(errno, "pledge (kill unveil)"); + +#elif (OpenBSD) >= 509 + if (pledge("stdio flock rpath wpath cpath", NULL) == -1) + err(errno, "pledge"); +#endif +#endif if (cmd->run == NULL) err(errno, "Command not set"); + open_gbe_file(); + + 
copy_gbe(); + read_checksums(); + cmd->run(); for (c = 0; c < items(x->cmd); c++) @@ -43,8 +115,10 @@ main(int argc, char *argv[]) if (f->io_err_gbe_bin) err(EIO, "%s: error writing final file"); - if (f->tname != NULL) + if (f->tname != NULL) { free(f->tname); + f->tname = NULL; + } return EXIT_SUCCESS; } -- cgit v1.2.1
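Review bot: The second `#if (OpenBSD) >= 604` block still reads `us.cmd[i].flags`, `us.f.fname` and `us.f.tname`, but this version of main() declares only `x`, `cmd`, `f` and `c`. Unless `us` and `i` are still globals from `include/common.h`, the block will not compile on OpenBSD. If they are, the sandbox may be unveiling paths from a different state object than the one `xstart()` returned. That branch is compiled out everywhere else, so the breakage would go unnoticed on other platforms. The block should use the locals set just above it, as sketched below, assuming `cmd` and `f` point at the same structures `us` used to hold. Separately, the early `unveil("/dev/null", "r")` hides the rest of the filesystem before `xstart()` runs, so please confirm `xstart()` does not need to open or create the temp file at that point. main() continues past the end of this hunk.

```c
#if (OpenBSD) >= 604
	if ((cmd->flags & O_ACCMODE) == O_RDONLY) {
		if (unveil(f->fname, "r") == -1)
			err(errno, "%s: unveil r", f->fname);
	} else {
		if (unveil(f->fname, "rwc") == -1)
			err(errno, "%s: unveil rw", f->fname);
	}

	if (unveil(f->tname, "rwc") == -1)
		err(errno, "unveil rwc: %s", f->tname);
	/* … unchanged: unveil(NULL, NULL) lock and the final pledge … */
```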
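Review bot: The context line `err(EIO, "%s: error writing final file");` has a `%s` conversion with no matching argument, so the I/O-error path reads an indeterminate vararg, which is undefined behaviour. The commit leaves that line untouched right next to the lines it changes. Pass the file name, e.g. `err(EIO, "%s: error writing final file", f->fname);`, assuming `fname` is the member that the `us.f.fname` references in the previous hunk refer to. A smaller style point: the `if (f->tname != NULL)` guard is redundant because `free(NULL)` is a no-op, so `free(f->tname); f->tname = NULL;` is enough. main() begins before this hunk.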