merge pledge(2) support from OpenBSD

author: Ingo Schwarze <schwarze@openbsd.org> 2015-11-06 17:33:34 +0000
committer: Ingo Schwarze <schwarze@openbsd.org> 2015-11-06 17:33:34 +0000
commit: 7ab4e1278a5b8ac4289c450b2bf85da2aad06ba4 (patch)
tree: efe602222ebf45e9e6f716c8795ff1f52faa4163
parent: 3fffa6c6072826f70aebe72863968bffb9d714cc (diff)
download: mandoc-7ab4e1278a5b8ac4289c450b2bf85da2aad06ba4.tar.gz
mandoc-7ab4e1278a5b8ac4289c450b2bf85da2aad06ba4.tar.zst
mandoc-7ab4e1278a5b8ac4289c450b2bf85da2aad06ba4.zip
5 files changed, 56 insertions, 3 deletions
diff --git a/Makefile b/Makefile
index cb2a2095..dc37e912 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-# $Id: Makefile,v 1.473 2015/11/06 16:30:33 schwarze Exp $
+# $Id: Makefile,v 1.474 2015/11/06 17:33:34 schwarze Exp $
 #
 # Copyright (c) 2010, 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
 # Copyright (c) 2011, 2013, 2014, 2015 Ingo Schwarze <schwarze@openbsd.org>
@@ -28,6 +28,7 @@ TESTSRCS	 = test-dirent-namlen.c \
 		   test-mkdtemp.c \
 		   test-mmap.c \
 		   test-ohash.c \
+		   test-pledge.c \
 		   test-progname.c \
 		   test-reallocarray.c \
 		   test-sqlite3.c \
diff --git a/configure b/configure
index 8d9e525f..28435810 100755
--- a/configure
+++ b/configure
@@ -50,6 +50,7 @@ HAVE_GETSUBOPT=
 HAVE_ISBLANK=
 HAVE_MKDTEMP=
 HAVE_MMAP=
+HAVE_PLEDGE=
 HAVE_PROGNAME=
 HAVE_REALLOCARRAY=
 HAVE_STRCASESTR=
@@ -180,6 +181,7 @@ runtest getsubopt	GETSUBOPT	|| true
 runtest isblank		ISBLANK		|| true
 runtest mkdtemp		MKDTEMP		|| true
 runtest mmap		MMAP		|| true
+runtest pledge		PLEDGE		|| true
 runtest progname	PROGNAME	|| true
 runtest reallocarray	REALLOCARRAY	|| true
 runtest strcasestr	STRCASESTR	|| true
@@ -301,6 +303,7 @@ cat << __HEREDOC__
 #define HAVE_ISBLANK ${HAVE_ISBLANK}
 #define HAVE_MKDTEMP ${HAVE_MKDTEMP}
 #define HAVE_MMAP ${HAVE_MMAP}
+#define HAVE_PLEDGE ${HAVE_PLEDGE}
 #define HAVE_PROGNAME ${HAVE_PROGNAME}
 #define HAVE_REALLOCARRAY ${HAVE_REALLOCARRAY}
 #define HAVE_STRCASESTR ${HAVE_STRCASESTR}
diff --git a/main.c b/main.c
index 1267bbfd..2475c085 100644
--- a/main.c
+++ b/main.c
@@ -1,4 +1,4 @@
-/*	$Id: main.c,v 1.254 2015/11/06 16:30:33 schwarze Exp $ */
+/*	$Id: main.c,v 1.255 2015/11/06 17:33:34 schwarze Exp $ */
 /*
  * Copyright (c) 2008-2012 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2010-2012, 2014, 2015 Ingo Schwarze <schwarze@openbsd.org>
@@ -149,6 +149,11 @@ main(int argc, char *argv[])
 		return mandocdb(argc, argv);
 #endif
 
+#if HAVE_PLEDGE
+	if (pledge("stdio rpath tmppath proc exec flock", NULL) == -1)
+		err((int)MANDOCLEVEL_SYSERR, "pledge");
+#endif
+
 	/* Search options. */
 
 	memset(&conf, 0, sizeof(conf));
@@ -288,6 +293,11 @@ main(int argc, char *argv[])
 	    !isatty(STDOUT_FILENO))
 		use_pager = 0;
 
+#if HAVE_PLEDGE
+	if (!use_pager && pledge("stdio rpath flock", NULL) == -1)
+		err((int)MANDOCLEVEL_SYSERR, "pledge");
+#endif
+
 	/* Parse arguments. */
 
 	if (argc > 0) {
@@ -414,6 +424,12 @@ main(int argc, char *argv[])
 
 	/* mandoc(1) */
 
+#if HAVE_PLEDGE
+	if (pledge(use_pager ? "stdio rpath tmppath proc exec" :
+	    "stdio rpath", NULL) == -1)
+		err((int)MANDOCLEVEL_SYSERR, "pledge");
+#endif
+
 	if (search.argmode == ARG_FILE && ! moptions(&options, auxpaths))
 		return (int)MANDOCLEVEL_BADARG;
 
@@ -1004,6 +1020,10 @@ spawn_pager(struct tag_files *tag_files)
 	case 0:
 		break;
 	default:
+#if HAVE_PLEDGE
+		if (pledge("stdio rpath tmppath", NULL) == -1)
+			err((int)MANDOCLEVEL_SYSERR, "pledge");
+#endif
 		return pager_pid;
 	}
 
diff --git a/mandocdb.c b/mandocdb.c
index 26c59b62..b5760709 100644
--- a/mandocdb.c
+++ b/mandocdb.c
@@ -1,4 +1,4 @@
-/*	$Id: mandocdb.c,v 1.206 2015/11/06 16:30:33 schwarze Exp $ */
+/*	$Id: mandocdb.c,v 1.207 2015/11/06 17:33:34 schwarze Exp $ */
 /*
  * Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2011-2015 Ingo Schwarze <schwarze@openbsd.org>
@@ -337,6 +337,13 @@ mandocdb(int argc, char *argv[])
 	size_t		  j, sz;
 	int		  ch, i;
 
+#if HAVE_PLEDGE
+	if (pledge("stdio rpath wpath cpath fattr flock proc exec", NULL) == -1) {
+		perror("pledge");
+		return (int)MANDOCLEVEL_SYSERR;
+	}
+#endif
+
 	memset(&conf, 0, sizeof(conf));
 	memset(stmts, 0, STMT__MAX * sizeof(sqlite3_stmt *));
 
@@ -410,6 +417,13 @@ mandocdb(int argc, char *argv[])
 	argc -= optind;
 	argv += optind;
 
+#if HAVE_PLEDGE
+	if (nodb && pledge("stdio rpath", NULL) == -1) {
+		perror("pledge");
+		return (int)MANDOCLEVEL_SYSERR;
+	}
+#endif
+
 	if (OP_CONFFILE == op && argc > 0) {
 		warnx("-C: Too many arguments");
 		goto usage;
@@ -435,6 +449,14 @@ mandocdb(int argc, char *argv[])
 			 * The existing database is usable.  Process
 			 * all files specified on the command-line.
 			 */
+#if HAVE_PLEDGE
+			if (!nodb && pledge("stdio rpath wpath cpath fattr flock",
+			    NULL) == -1) {
+				perror("pledge");
+				exitcode = (int)MANDOCLEVEL_SYSERR;
+				goto out;
+			}
+#endif
 			use_all = 1;
 			for (i = 0; i < argc; i++)
 				filescan(argv[i]);
diff --git a/test-pledge.c b/test-pledge.c
new file mode 100644
index 00000000..ab2dfb47
--- /dev/null
+++ b/test-pledge.c
@@ -0,0 +1,7 @@
+#include <unistd.h>
+
+int
+main(void)
+{
+	return !!pledge("stdio", NULL);
+}
author	Ingo Schwarze <schwarze@openbsd.org>	2015-11-06 17:33:34 +0000
committer	Ingo Schwarze <schwarze@openbsd.org>	2015-11-06 17:33:34 +0000
commit	7ab4e1278a5b8ac4289c450b2bf85da2aad06ba4 (patch)
tree	efe602222ebf45e9e6f716c8795ff1f52faa4163
parent	3fffa6c6072826f70aebe72863968bffb9d714cc (diff)
download	mandoc-7ab4e1278a5b8ac4289c450b2bf85da2aad06ba4.tar.gz mandoc-7ab4e1278a5b8ac4289c450b2bf85da2aad06ba4.tar.zst mandoc-7ab4e1278a5b8ac4289c450b2bf85da2aad06ba4.zip