From 77ad14b31d17e2cf860d3681192f42d048327c16 Mon Sep 17 00:00:00 2001 From: FRex Date: Thu, 16 Sep 2021 22:53:53 +0200 Subject: [PATCH] small openbsd pledge improvements --- analyzepng.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/analyzepng.c b/analyzepng.c index 5472a91..bf0df44 100644 --- a/analyzepng.c +++ b/analyzepng.c @@ -26,6 +26,7 @@ static int isoption(const char * arg) #ifdef __OpenBSD__ #include #include +#define OPENBSD_PLEDGE_AND_UNVEIL_USED 1 static void applyOpenBsdRestrictions(int argc, char ** argv) { int i; @@ -33,13 +34,15 @@ static void applyOpenBsdRestrictions(int argc, char ** argv) /* hide all files except the filename arguments */ for(i = 1; i < argc; ++i) if(!isoption(argv[i])) - unveil(argv[i], "r"); + if(unveil(argv[i], "r") == -1) + err(1, "unveil"); /* only allow stdio and reading files, this also takes away ability to unveil */ if(pledge("stdio rpath", NULL) == -1) err(1, "pledge"); } #else +#define OPENBSD_PLEDGE_AND_UNVEIL_USED 0 static void applyOpenBsdRestrictions(int argc, char ** argv) {} #endif /* __OpenBSD__ */ @@ -108,6 +111,9 @@ static int print_usage(const char * argv0, FILE * f) if(BLA_WMAIN_USING_WMAIN_BOOLEAN) fprintf(f, "Windows build capable of colors and UTF-16 filenames\n"); + if(OPENBSD_PLEDGE_AND_UNVEIL_USED) + fprintf(f, "OpenBSD build using pledge(2) and unveil(2) for extra safety\n"); + fprintf(f, "Usage: %s [--no-idat] file.png...\n", argv0); fprintf(f, " --h OR --help #print this help to stdout\n"); fprintf(f, " --no-idat #don't print IDAT chunk locations and sizes, can be anywhere\n");