Tobias Stoeckmann([email protected]) on 2021.09.21 22:23:55 +0200:
> Hi,
> 
> upstream (greenwood) less has disabled history file support for secure
> mode, i.e. LESSSECURE=1: https://github.com/gwsw/less/pull/201
> 
> The problem was about permanent marks for which we do not have support
> anyway. Users could possibly access files they should not be able to.
> 
> Since upstream does not allow history file in secure mode anymore we
> could do the same and remove wpath from secure mode pledge.
> 
> I have added a note about history file to our manual page.
> 
> Comments? Okays?

seems reasonable.

ok.


> Tobias
> 
> Index: cmdbuf.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/less/cmdbuf.c,v
> retrieving revision 1.20
> diff -u -p -u -p -r1.20 cmdbuf.c
> --- cmdbuf.c  2 Sep 2019 14:07:45 -0000       1.20
> +++ cmdbuf.c  21 Sep 2021 20:16:08 -0000
> @@ -20,6 +20,7 @@
>  #include "cmd.h"
>  #include "less.h"
>  
> +extern int secure;
>  extern int sc_width;
>  extern int utf_mode;
>  
> @@ -1203,6 +1204,8 @@ init_cmdhist(void)
>       FILE *f;
>       char *p;
>  
> +     if (secure)
> +             return;
>       filename = histfile_name();
>       if (filename == NULL)
>               return;
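
Review bot: the new `if (secure) return;` in init_cmdhist sits directly above `filename = histfile_name();`, which already has a NULL early-return path. If save_cmdhist obtains its path from the same helper (not visible in this hunk), making histfile_name() return NULL when secure is set would put the policy in one place and cover any future caller, instead of repeating the check in each function.
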
> @@ -1274,6 +1277,8 @@ save_cmdhist(void)
>       struct stat statbuf;
>       int r;
>  
> +     if (secure)
> +             return;
>       if (mlist_search.modified)
>               modified = 1;
>       if (mlist_shell.modified)
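
Review bot: the `if (secure) return;` at the top of save_cmdhist carries no comment, yet once main.c drops wpath from the secure-mode pledge it is what keeps this function from attempting a write. Opening a file for writing without wpath is a pledge violation that kills the process rather than returning an error. A one-line comment here noting that secure mode has no wpath would stop a later cleanup from removing the check as redundant.
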
> Index: less.1
> ===================================================================
> RCS file: /cvs/src/usr.bin/less/less.1,v
> retrieving revision 1.57
> diff -u -p -u -p -r1.57 less.1
> --- less.1    2 Sep 2019 14:07:45 -0000       1.57
> +++ less.1    21 Sep 2021 20:16:09 -0000
> @@ -1697,6 +1697,8 @@ Use of lesskey files.
>  .It Fl t
>  Use of tags files.
>  .It " "
> +Use of history file.
> +.It " "
>  Metacharacters in filenames, such as "*".
>  .It " "
>  Filename completion (TAB, ^L).
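
Review bot: the added entry "Use of history file." does not match the wording of its neighbours, "Use of lesskey files." and "Use of tags files.", which use the plural. "Use of the history file." or "Use of history files." would read consistently with the rest of the list.
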
> Index: main.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/less/main.c,v
> retrieving revision 1.37
> diff -u -p -u -p -r1.37 main.c
> --- main.c    28 Jun 2019 05:44:09 -0000      1.37
> +++ main.c    21 Sep 2021 20:16:09 -0000
> @@ -91,7 +91,7 @@ main(int argc, char *argv[])
>               secure = 1;
>  
>       if (secure) {
> -             if (pledge("stdio rpath wpath tty", NULL) == -1) {
> +             if (pledge("stdio rpath tty", NULL) == -1) {
>                       perror("pledge");
>                       exit(1);
>               }
> 
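
Review bot: changing the secure branch to `pledge("stdio rpath tty", NULL)` is only safe if no secure-mode code path still opens a file for writing, and this patch gates just init_cmdhist and save_cmdhist. It would help to state which other write paths were checked, and to confirm that a run with LESSSECURE=1 starts and exits cleanly without a pledge abort, since a missed path shows up as a killed process rather than as the `perror("pledge")` message.
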
