From: Omar Polo Subject: got/tog/gotadmin: pledge earlier To: gameoftrees@openbsd.org Date: Mon, 13 Feb 2023 11:03:57 +0100 we're alreading doing this in some places, so let's do it consistently. It's almost a mechanical diff, i've checked each case however to make sure we don't do operations not covered by the set of pledge promises in the getopt loop. The only "real" work done sometimes is realpath(3), which is covered by rpath. diffstat /home/op/w/gotd M got/got.c | 122+ 102- M gotadmin/gotadmin.c | 29+ 24- M tog/tog.c | 6+ 6- 3 files changed, 157 insertions(+), 132 deletions(-) diff /home/op/w/gotd commit - 2c4740ad12b787db8704cb160abc4f1e5e73d911 path + /home/op/w/gotd blob - 127b86675c2322fd21f0849b2a7f9df339621c75 file + got/got.c --- got/got.c +++ got/got.c @@ -759,6 +759,13 @@ cmd_import(int argc, char *argv[]) TAILQ_INIT(&ignores); +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " + "unveil", + NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "b:I:m:r:")) != -1) { switch (ch) { case 'b': @@ -796,12 +803,6 @@ cmd_import(int argc, char *argv[]) argc -= optind; argv += optind; -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " - "unveil", - NULL) == -1) - err(1, "pledge"); -#endif if (argc != 1) usage_import(); @@ -2946,6 +2947,12 @@ cmd_checkout(int argc, char *argv[]) TAILQ_INIT(&paths); +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " + "unveil", NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "b:c:Ep:q")) != -1) { switch (ch) { case 'b': @@ -2974,11 +2981,6 @@ cmd_checkout(int argc, char *argv[]) argc -= optind; argv += optind; -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " - "unveil", NULL) == -1) - err(1, "pledge"); -#endif if (argc == 1) { char *base, *dotgit; const char *path; @@ -3430,6 +3432,12 @@ cmd_update(int argc, char *argv[]) TAILQ_INIT(&paths); +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " + "unveil", NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "b:c:q")) != -1) { switch (ch) { case 'b': @@ -3452,11 +3460,6 @@ cmd_update(int argc, char *argv[]) argc -= optind; argv += optind; -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " - "unveil", NULL) == -1) - err(1, "pledge"); -#endif worktree_path = getcwd(NULL, 0); if (worktree_path == NULL) { error = got_error_from_errno("getcwd"); @@ -6248,6 +6251,12 @@ cmd_status(int argc, char *argv[]) st.status_codes = NULL; st.suppress = 0; +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath flock proc exec sendfd unveil", + NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "IS:s:")) != -1) { switch (ch) { case 'I': @@ -6289,11 +6298,6 @@ cmd_status(int argc, char *argv[]) argc -= optind; argv += optind; -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath flock proc exec sendfd unveil", - NULL) == -1) - err(1, "pledge"); -#endif cwd = getcwd(NULL, 0); if (cwd == NULL) { error = got_error_from_errno("getcwd"); @@ -6474,6 +6478,12 @@ cmd_ref(int argc, char *argv[]) char *refname = NULL; int *pack_fds = NULL; +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath fattr flock proc exec " + "sendfd unveil", NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "c:dlr:s:t")) != -1) { switch (ch) { case 'c': @@ -6545,11 +6555,6 @@ cmd_ref(int argc, char *argv[]) if (refname) got_path_strip_trailing_slashes(refname); -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath fattr flock proc exec " - "sendfd unveil", NULL) == -1) - err(1, "pledge"); -#endif cwd = getcwd(NULL, 0); if (cwd == NULL) { error = got_error_from_errno("getcwd"); @@ -6874,6 +6879,12 @@ cmd_branch(int argc, char *argv[]) TAILQ_INIT(&paths); +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath fattr flock proc exec " + "sendfd unveil", NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "c:d:lnr:t")) != -1) { switch (ch) { case 'c': @@ -6924,11 +6935,6 @@ cmd_branch(int argc, char *argv[]) } else if (!do_show && argc != 1) usage_branch(); -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath fattr flock proc exec " - "sendfd unveil", NULL) == -1) - err(1, "pledge"); -#endif cwd = getcwd(NULL, 0); if (cwd == NULL) { error = got_error_from_errno("getcwd"); @@ -7506,6 +7512,12 @@ cmd_tag(int argc, char *argv[]) int ch, do_list = 0, verify_tags = 0, verbosity = 0; int *pack_fds = NULL; +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath fattr flock proc exec " + "sendfd unveil", NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "c:lm:r:s:Vv")) != -1) { switch (ch) { case 'c': @@ -7571,11 +7583,6 @@ cmd_tag(int argc, char *argv[]) if (argc == 1) tag_name = argv[0]; -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath fattr flock proc exec " - "sendfd unveil", NULL) == -1) - err(1, "pledge"); -#endif cwd = getcwd(NULL, 0); if (cwd == NULL) { error = got_error_from_errno("getcwd"); @@ -7750,6 +7757,12 @@ cmd_add(int argc, char *argv[]) TAILQ_INIT(&paths); +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath flock proc exec sendfd unveil", + NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "IR")) != -1) { switch (ch) { case 'I': @@ -7767,11 +7780,6 @@ cmd_add(int argc, char *argv[]) argc -= optind; argv += optind; -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath flock proc exec sendfd unveil", - NULL) == -1) - err(1, "pledge"); -#endif if (argc < 1) usage_add(); @@ -7894,6 +7902,12 @@ cmd_remove(int argc, char *argv[]) TAILQ_INIT(&paths); +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath flock proc exec sendfd unveil", + NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "fkRs:")) != -1) { switch (ch) { case 'f': @@ -7931,11 +7945,6 @@ cmd_remove(int argc, char *argv[]) argc -= optind; argv += optind; -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath flock proc exec sendfd unveil", - NULL) == -1) - err(1, "pledge"); -#endif if (argc < 1) usage_remove(); @@ -8587,6 +8596,12 @@ cmd_revert(int argc, char *argv[]) TAILQ_INIT(&paths); +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " + "unveil", NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "F:pR")) != -1) { switch (ch) { case 'F': @@ -8607,11 +8622,6 @@ cmd_revert(int argc, char *argv[]) argc -= optind; argv += optind; -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " - "unveil", NULL) == -1) - err(1, "pledge"); -#endif if (argc < 1) usage_revert(); if (patch_script_path && !pflag) @@ -9038,6 +9048,12 @@ cmd_commit(int argc, char *argv[]) TAILQ_INIT(&paths); cl_arg.logmsg_path = NULL; +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " + "unveil", NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "A:F:m:NnS")) != -1) { switch (ch) { case 'A': @@ -9077,11 +9093,6 @@ cmd_commit(int argc, char *argv[]) argc -= optind; argv += optind; -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " - "unveil", NULL) == -1) - err(1, "pledge"); -#endif cwd = getcwd(NULL, 0); if (cwd == NULL) { error = got_error_from_errno("getcwd"); @@ -10048,6 +10059,12 @@ cmd_cherrypick(int argc, char *argv[]) struct got_update_progress_arg upa; int *pack_fds = NULL; +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " + "unveil", NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "lX")) != -1) { switch (ch) { case 'l': @@ -10065,11 +10082,6 @@ cmd_cherrypick(int argc, char *argv[]) argc -= optind; argv += optind; -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " - "unveil", NULL) == -1) - err(1, "pledge"); -#endif if (list_refs || remove_refs) { if (argc != 0 && argc != 1) usage_cherrypick(); @@ -10189,6 +10201,12 @@ cmd_backout(int argc, char *argv[]) struct got_update_progress_arg upa; int *pack_fds = NULL; +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " + "unveil", NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "lX")) != -1) { switch (ch) { case 'l': @@ -10206,11 +10224,6 @@ cmd_backout(int argc, char *argv[]) argc -= optind; argv += optind; -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " - "unveil", NULL) == -1) - err(1, "pledge"); -#endif if (list_refs || remove_refs) { if (argc != 0 && argc != 1) usage_backout(); @@ -10958,6 +10971,12 @@ cmd_rebase(int argc, char *argv[]) TAILQ_INIT(&merged_paths); memset(&upa, 0, sizeof(upa)); +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " + "unveil", NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "aclX")) != -1) { switch (ch) { case 'a': @@ -10981,11 +11000,6 @@ cmd_rebase(int argc, char *argv[]) argc -= optind; argv += optind; -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " - "unveil", NULL) == -1) - err(1, "pledge"); -#endif if (list_backups) { if (abort_rebase) option_conflict('l', 'a'); @@ -12232,6 +12246,12 @@ cmd_histedit(int argc, char *argv[]) TAILQ_INIT(&merged_paths); memset(&upa, 0, sizeof(upa)); +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " + "unveil", NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "acdeF:flmX")) != -1) { switch (ch) { case 'a': @@ -12270,11 +12290,6 @@ cmd_histedit(int argc, char *argv[]) argc -= optind; argv += optind; -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " - "unveil", NULL) == -1) - err(1, "pledge"); -#endif if (abort_edit && continue_edit) option_conflict('a', 'c'); if (edit_script_path && edit_logmsg_only) @@ -12829,6 +12844,12 @@ cmd_integrate(int argc, char *argv[]) struct got_update_progress_arg upa; int *pack_fds = NULL; +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " + "unveil", NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "")) != -1) { switch (ch) { default: @@ -12843,11 +12864,7 @@ cmd_integrate(int argc, char *argv[]) if (argc != 1) usage_integrate(); branch_arg = argv[0]; -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " - "unveil", NULL) == -1) - err(1, "pledge"); -#endif + cwd = getcwd(NULL, 0); if (cwd == NULL) { error = got_error_from_errno("getcwd"); @@ -12998,6 +13015,12 @@ cmd_merge(int argc, char *argv[]) memset(&upa, 0, sizeof(upa)); +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " + "unveil", NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "acn")) != -1) { switch (ch) { case 'a': @@ -13018,12 +13041,6 @@ cmd_merge(int argc, char *argv[]) argc -= optind; argv += optind; -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " - "unveil", NULL) == -1) - err(1, "pledge"); -#endif - if (abort_merge && continue_merge) option_conflict('a', 'c'); if (abort_merge || continue_merge) { @@ -13304,6 +13321,12 @@ cmd_stage(int argc, char *argv[]) TAILQ_INIT(&paths); +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " + "unveil", NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "F:lpS")) != -1) { switch (ch) { case 'F': @@ -13327,11 +13350,6 @@ cmd_stage(int argc, char *argv[]) argc -= optind; argv += optind; -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " - "unveil", NULL) == -1) - err(1, "pledge"); -#endif if (list_stage && (pflag || patch_script_path)) errx(1, "-l option cannot be used with other options"); if (patch_script_path && !pflag) @@ -13439,6 +13457,12 @@ cmd_unstage(int argc, char *argv[]) TAILQ_INIT(&paths); +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " + "unveil", NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "F:p")) != -1) { switch (ch) { case 'F': @@ -13456,11 +13480,6 @@ cmd_unstage(int argc, char *argv[]) argc -= optind; argv += optind; -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd " - "unveil", NULL) == -1) - err(1, "pledge"); -#endif if (patch_script_path && !pflag) errx(1, "-F option can only be used together with -p option"); @@ -13974,6 +13993,12 @@ cmd_info(int argc, char *argv[]) TAILQ_INIT(&paths); +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath flock proc exec sendfd unveil", + NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "")) != -1) { switch (ch) { default: @@ -13985,11 +14010,6 @@ cmd_info(int argc, char *argv[]) argc -= optind; argv += optind; -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath flock proc exec sendfd unveil", - NULL) == -1) - err(1, "pledge"); -#endif cwd = getcwd(NULL, 0); if (cwd == NULL) { error = got_error_from_errno("getcwd"); blob - e67fbcf1e5c4b6bc2399bde36796bf77749c9bed file + gotadmin/gotadmin.c --- gotadmin/gotadmin.c +++ gotadmin/gotadmin.c @@ -284,6 +284,11 @@ cmd_init(int argc, char *argv[]) char *repo_path = NULL; int ch; +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath unveil", NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "b:")) != -1) { switch (ch) { case 'b': @@ -298,10 +303,6 @@ cmd_init(int argc, char *argv[]) argc -= optind; argv += optind; -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath unveil", NULL) == -1) - err(1, "pledge"); -#endif if (argc != 1) usage_init(); @@ -338,6 +339,12 @@ cmd_info(int argc, char *argv[]) char scaled[FMT_SCALED_STRSIZE]; int *pack_fds = NULL; +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath flock proc exec sendfd unveil", + NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "r:")) != -1) { switch (ch) { case 'r': @@ -356,11 +363,6 @@ cmd_info(int argc, char *argv[]) argc -= optind; argv += optind; -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath flock proc exec sendfd unveil", - NULL) == -1) - err(1, "pledge"); -#endif if (repo_path == NULL) { error = get_repo_path(&repo_path); if (error) @@ -706,6 +708,12 @@ cmd_pack(int argc, char *argv[]) TAILQ_INIT(&exclude_refs); TAILQ_INIT(&include_refs); +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd unveil", + NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "aqr:x:")) != -1) { switch (ch) { case 'a': @@ -737,11 +745,6 @@ cmd_pack(int argc, char *argv[]) argc -= optind; argv += optind; -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath fattr flock proc exec sendfd unveil", - NULL) == -1) - err(1, "pledge"); -#endif if (repo_path == NULL) { error = get_repo_path(&repo_path); if (error) @@ -1035,6 +1038,12 @@ cmd_listpack(int argc, char *argv[]) int show_stats = 0, human_readable = 0; int *pack_fds = NULL; +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath flock proc exec sendfd unveil", + NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "hs")) != -1) { switch (ch) { case 'h': @@ -1058,11 +1067,6 @@ cmd_listpack(int argc, char *argv[]) if (packfile_path == NULL) return got_error_from_errno2("realpath", argv[0]); -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath flock proc exec sendfd unveil", - NULL) == -1) - err(1, "pledge"); -#endif error = got_repo_pack_fds_open(&pack_fds); if (error != NULL) goto done; @@ -1220,6 +1224,12 @@ cmd_cleanup(int argc, char *argv[]) char scaled_diff[FMT_SCALED_STRSIZE]; int *pack_fds = NULL; +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath flock proc exec sendfd unveil", + NULL) == -1) + err(1, "pledge"); +#endif + while ((ch = getopt(argc, argv, "anpqr:")) != -1) { switch (ch) { case 'a': @@ -1250,11 +1260,6 @@ cmd_cleanup(int argc, char *argv[]) argc -= optind; argv += optind; -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath flock proc exec sendfd unveil", - NULL) == -1) - err(1, "pledge"); -#endif if (repo_path == NULL) { error = get_repo_path(&repo_path); if (error) blob - 59f6749677b14d49ad79028572ac387a766ff9db file + tog/tog.c --- tog/tog.c +++ tog/tog.c @@ -9451,6 +9451,12 @@ main(int argc, char *argv[]) }; char *diff_algo_str = NULL; +#ifndef PROFILE + if (pledge("stdio rpath wpath cpath flock proc tty exec sendfd unveil", + NULL) == -1) + err(1, "pledge"); +#endif + if (!isatty(STDIN_FILENO)) errx(1, "standard input is not a tty"); @@ -9480,12 +9486,6 @@ main(int argc, char *argv[]) return 0; } -#ifndef PROFILE - if (pledge("stdio rpath wpath cpath flock proc tty exec sendfd unveil", - NULL) == -1) - err(1, "pledge"); -#endif - if (argc == 0) { if (hflag) usage(hflag, 0);