Hi all,
When ex/vi is started with -S (secure), a stricter pledge is used to
prevent exec from being used. It's tedious to specify -S all the time
and easier to add "set secure" to ~/.nexrc. However, the check for
which pledge to use doesn't care what your ~/.nexrc contains and the
exec promise remains.
This patch simply waits until the ~/.nexrc is parsed and all options are
set before checking whether or not to apply the stricter pledge.
Another approach would be to also have a check inside the opts_set()
function, in case the user manually runs "set secure", but that feels
ugly and "too deep".
Jesper Wallin
Index: usr.bin/vi/common/main.c
===================================================================
RCS file: /cvs/src/usr.bin/vi/common/main.c,v
retrieving revision 1.41
diff -u -p -r1.41 main.c
--- usr.bin/vi/common/main.c 10 Nov 2017 18:31:36 -0000 1.41
+++ usr.bin/vi/common/main.c 20 May 2019 20:51:29 -0000
@@ -219,12 +219,6 @@ editor(GS *gp, int argc, char *argv[])
argc -= optind;
argv += optind;
- if (secure)
- if (pledge("stdio rpath wpath cpath fattr flock getpw tty",
NULL) == -1) {
- perror("pledge");
- goto err;
- }
-
/*
* -s option is only meaningful to ex.
*
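Review bot: Dropping the `if (secure)` pledge at this point delays the restriction for a user who passes -S on the command line: it used to apply right after option parsing, and now the exec promise stays held until the later O_ISSET(sp, O_SECURE) check, after startup processing has run. Consider keeping this early check for the command-line case and using the later check only to catch "set secure" coming from ~/.nexrc, so -S keeps its current behaviour.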
@@ -297,6 +291,11 @@ editor(GS *gp, int argc, char *argv[])
goto done;
}
}
+ if (O_ISSET(sp, O_SECURE))
+ if (pledge("stdio rpath wpath cpath fattr flock getpw tty",
NULL) == -1) {
+ perror("pledge");
+ goto err;
+ }
/*
* List recovery files if -r specified without file arguments.
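Review bot: The added O_ISSET(sp, O_SECURE) check carries no comment saying why it has to sit after the startup files are read, and it is evaluated only once, so a "set secure" typed later in the session leaves the broader pledge in place, as the message itself acknowledges. A short comment above the check stating both points would help the next reader, and the outer if should get braces since its body spans several lines.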