On 2015-10-03 09.53.54 -0600, Theo de Raadt wrote:
> > Before, from the tame patch in snapshots:
> > 
> > $ dc /dev/null
> > Killed 
> > $
> > 
> > After the below patch:
> > 
> > $ dc /dev/null
> > $
> > 
> > Found via the regress tests.
> 
> I don't know why you added "proc".  I don't see a need for it.  Do
> you have a separate test case that prompts this?

Yes, here is a simple test for it:

$ echo "!echo ECHO" | dc
Killed 
$ echo "!echo ECHO" > t ; dc t
Killed
$ echo $?
137

This is because of the system(3) call in bcode.c, the bexec function.

Index: dc.c
===================================================================
RCS file: /cvs/src/usr.bin/dc/dc.c,v
retrieving revision 1.13
diff -u -p -r1.13 dc.c
--- dc.c        26 Nov 2014 18:34:51 -0000      1.13
+++ dc.c        3 Oct 2015 19:46:35 -0000
@@ -47,6 +47,8 @@ main(int argc, char *argv[])
        char            *buf, *p;
        struct stat     st;
 
+       if (tame("stdio rpath proc", NULL) == -1)
+               err(1, "tame");
 
        if ((buf = strdup("")) == NULL)
                err(1, NULL);
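
Review bot: the "proc" request in the first tame() call at the top of main() carries no comment explaining why it is there, and the reason is not visible anywhere in dc.c: per the message it comes from the system(3) call in bexec() in bcode.c. A short comment above the call naming that dependency would answer the question raised in review and keep the request from being dropped later as apparently unused.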
@@ -89,6 +91,8 @@ main(int argc, char *argv[])
                file = fopen(argv[0], "r");
                if (file == NULL)
                        err(1, "cannot open file %s", argv[0]);
+               if (tame("stdio proc", NULL) == -1)
+                       err(1, "tame");
                if (fstat(fileno(file), &st) == -1)
                        err(1, "%s", argv[0]);
                if (S_ISDIR(st.st_mode))
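
Review bot: the narrowing call in the file branch is placed after fopen() but before the fstat()/S_ISDIR check, so the ordering is load-bearing: "rpath" is gone for everything that follows, and only operations on the already-open descriptor remain valid. Consider a one-line comment stating that argv[0] is the last file opened by name, so a later change that adds another open below this point is caught in review rather than by a kill at run time.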
@@ -103,6 +107,8 @@ main(int argc, char *argv[])
                 */
                 return (0);
        }
+       if (tame("stdio proc", NULL) == -1)
+               err(1, "tame");
        src_setstream(&src, stdin);
        reset_bmachine(&src);
        eval();
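
Review bot: the tame("stdio proc") before src_setstream() on the stdin path is the call exercised by the `echo "!echo ECHO" | dc` case from the message, while the file branch is exercised by `dc t`, yet the patch adds neither to the regress tests. Since the original problem was found via regress, adding both commands there would cover the two narrowing calls, which repeat the same request string and can drift apart.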
