diff options
-rw-r--r-- | Makefile | 1 | ||||
-rwxr-xr-x | configure | 3 | ||||
-rw-r--r-- | main.c | 20 | ||||
-rw-r--r-- | mandocdb.c | 22 | ||||
-rw-r--r-- | test-pledge.c | 7 |
5 files changed, 53 insertions, 0 deletions
@@ -28,6 +28,7 @@ TESTSRCS = test-dirent-namlen.c \ test-mkdtemp.c \ test-mmap.c \ test-ohash.c \ + test-pledge.c \ test-progname.c \ test-reallocarray.c \ test-sqlite3.c \ @@ -50,6 +50,7 @@ HAVE_GETSUBOPT= HAVE_ISBLANK= HAVE_MKDTEMP= HAVE_MMAP= +HAVE_PLEDGE= HAVE_PROGNAME= HAVE_REALLOCARRAY= HAVE_STRCASESTR= @@ -180,6 +181,7 @@ runtest getsubopt GETSUBOPT || true runtest isblank ISBLANK || true runtest mkdtemp MKDTEMP || true runtest mmap MMAP || true +runtest pledge PLEDGE || true runtest progname PROGNAME || true runtest reallocarray REALLOCARRAY || true runtest strcasestr STRCASESTR || true @@ -301,6 +303,7 @@ cat << __HEREDOC__ #define HAVE_ISBLANK ${HAVE_ISBLANK} #define HAVE_MKDTEMP ${HAVE_MKDTEMP} #define HAVE_MMAP ${HAVE_MMAP} +#define HAVE_PLEDGE ${HAVE_PLEDGE} #define HAVE_PROGNAME ${HAVE_PROGNAME} #define HAVE_REALLOCARRAY ${HAVE_REALLOCARRAY} #define HAVE_STRCASESTR ${HAVE_STRCASESTR} @@ -149,6 +149,11 @@ main(int argc, char *argv[]) return mandocdb(argc, argv); #endif +#if HAVE_PLEDGE + if (pledge("stdio rpath tmppath proc exec flock", NULL) == -1) + err((int)MANDOCLEVEL_SYSERR, "pledge"); +#endif + /* Search options. */ memset(&conf, 0, sizeof(conf)); @@ -288,6 +293,11 @@ main(int argc, char *argv[]) !isatty(STDOUT_FILENO)) use_pager = 0; +#if HAVE_PLEDGE + if (!use_pager && pledge("stdio rpath flock", NULL) == -1) + err((int)MANDOCLEVEL_SYSERR, "pledge"); +#endif + /* Parse arguments. */ if (argc > 0) { @@ -414,6 +424,12 @@ main(int argc, char *argv[]) /* mandoc(1) */ +#if HAVE_PLEDGE + if (pledge(use_pager ? "stdio rpath tmppath proc exec" : + "stdio rpath", NULL) == -1) + err((int)MANDOCLEVEL_SYSERR, "pledge"); +#endif + if (search.argmode == ARG_FILE && ! moptions(&options, auxpaths)) return (int)MANDOCLEVEL_BADARG; @@ -1004,6 +1020,10 @@ spawn_pager(struct tag_files *tag_files) case 0: break; default: +#if HAVE_PLEDGE + if (pledge("stdio rpath tmppath", NULL) == -1) + err((int)MANDOCLEVEL_SYSERR, "pledge"); +#endif return pager_pid; } @@ -337,6 +337,13 @@ mandocdb(int argc, char *argv[]) size_t j, sz; int ch, i; +#if HAVE_PLEDGE + if (pledge("stdio rpath wpath cpath fattr flock proc exec", NULL) == -1) { + perror("pledge"); + return (int)MANDOCLEVEL_SYSERR; + } +#endif + memset(&conf, 0, sizeof(conf)); memset(stmts, 0, STMT__MAX * sizeof(sqlite3_stmt *)); @@ -410,6 +417,13 @@ mandocdb(int argc, char *argv[]) argc -= optind; argv += optind; +#if HAVE_PLEDGE + if (nodb && pledge("stdio rpath", NULL) == -1) { + perror("pledge"); + return (int)MANDOCLEVEL_SYSERR; + } +#endif + if (OP_CONFFILE == op && argc > 0) { warnx("-C: Too many arguments"); goto usage; @@ -435,6 +449,14 @@ mandocdb(int argc, char *argv[]) * The existing database is usable. Process * all files specified on the command-line. */ +#if HAVE_PLEDGE + if (!nodb && pledge("stdio rpath wpath cpath fattr flock", + NULL) == -1) { + perror("pledge"); + exitcode = (int)MANDOCLEVEL_SYSERR; + goto out; + } +#endif use_all = 1; for (i = 0; i < argc; i++) filescan(argv[i]); diff --git a/test-pledge.c b/test-pledge.c new file mode 100644 index 00000000..ab2dfb47 --- /dev/null +++ b/test-pledge.c @@ -0,0 +1,7 @@ +#include <unistd.h> + +int +main(void) +{ + return !!pledge("stdio", NULL); +} |