summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Makefile1
-rwxr-xr-xconfigure3
-rw-r--r--main.c20
-rw-r--r--mandocdb.c22
-rw-r--r--test-pledge.c7
5 files changed, 53 insertions, 0 deletions
diff --git a/Makefile b/Makefile
index 0687a13f..6f0d7a63 100644
--- a/Makefile
+++ b/Makefile
@@ -28,6 +28,7 @@ TESTSRCS = test-dirent-namlen.c \
test-mkdtemp.c \
test-mmap.c \
test-ohash.c \
+ test-pledge.c \
test-progname.c \
test-reallocarray.c \
test-sqlite3.c \
diff --git a/configure b/configure
index 8d9e525f..28435810 100755
--- a/configure
+++ b/configure
@@ -50,6 +50,7 @@ HAVE_GETSUBOPT=
HAVE_ISBLANK=
HAVE_MKDTEMP=
HAVE_MMAP=
+HAVE_PLEDGE=
HAVE_PROGNAME=
HAVE_REALLOCARRAY=
HAVE_STRCASESTR=
@@ -180,6 +181,7 @@ runtest getsubopt GETSUBOPT || true
runtest isblank ISBLANK || true
runtest mkdtemp MKDTEMP || true
runtest mmap MMAP || true
+runtest pledge PLEDGE || true
runtest progname PROGNAME || true
runtest reallocarray REALLOCARRAY || true
runtest strcasestr STRCASESTR || true
@@ -301,6 +303,7 @@ cat << __HEREDOC__
#define HAVE_ISBLANK ${HAVE_ISBLANK}
#define HAVE_MKDTEMP ${HAVE_MKDTEMP}
#define HAVE_MMAP ${HAVE_MMAP}
+#define HAVE_PLEDGE ${HAVE_PLEDGE}
#define HAVE_PROGNAME ${HAVE_PROGNAME}
#define HAVE_REALLOCARRAY ${HAVE_REALLOCARRAY}
#define HAVE_STRCASESTR ${HAVE_STRCASESTR}
diff --git a/main.c b/main.c
index 9e61eb07..bc24338e 100644
--- a/main.c
+++ b/main.c
@@ -149,6 +149,11 @@ main(int argc, char *argv[])
return mandocdb(argc, argv);
#endif
+#if HAVE_PLEDGE
+ if (pledge("stdio rpath tmppath proc exec flock", NULL) == -1)
+ err((int)MANDOCLEVEL_SYSERR, "pledge");
+#endif
+
/* Search options. */
memset(&conf, 0, sizeof(conf));
@@ -288,6 +293,11 @@ main(int argc, char *argv[])
!isatty(STDOUT_FILENO))
use_pager = 0;
+#if HAVE_PLEDGE
+ if (!use_pager && pledge("stdio rpath flock", NULL) == -1)
+ err((int)MANDOCLEVEL_SYSERR, "pledge");
+#endif
+
/* Parse arguments. */
if (argc > 0) {
@@ -414,6 +424,12 @@ main(int argc, char *argv[])
/* mandoc(1) */
+#if HAVE_PLEDGE
+ if (pledge(use_pager ? "stdio rpath tmppath proc exec" :
+ "stdio rpath", NULL) == -1)
+ err((int)MANDOCLEVEL_SYSERR, "pledge");
+#endif
+
if (search.argmode == ARG_FILE && ! moptions(&options, auxpaths))
return (int)MANDOCLEVEL_BADARG;
@@ -1004,6 +1020,10 @@ spawn_pager(struct tag_files *tag_files)
case 0:
break;
default:
+#if HAVE_PLEDGE
+ if (pledge("stdio rpath tmppath", NULL) == -1)
+ err((int)MANDOCLEVEL_SYSERR, "pledge");
+#endif
return pager_pid;
}
diff --git a/mandocdb.c b/mandocdb.c
index 94c1ba5a..b2442e47 100644
--- a/mandocdb.c
+++ b/mandocdb.c
@@ -337,6 +337,13 @@ mandocdb(int argc, char *argv[])
size_t j, sz;
int ch, i;
+#if HAVE_PLEDGE
+ if (pledge("stdio rpath wpath cpath fattr flock proc exec", NULL) == -1) {
+ perror("pledge");
+ return (int)MANDOCLEVEL_SYSERR;
+ }
+#endif
+
memset(&conf, 0, sizeof(conf));
memset(stmts, 0, STMT__MAX * sizeof(sqlite3_stmt *));
@@ -410,6 +417,13 @@ mandocdb(int argc, char *argv[])
argc -= optind;
argv += optind;
+#if HAVE_PLEDGE
+ if (nodb && pledge("stdio rpath", NULL) == -1) {
+ perror("pledge");
+ return (int)MANDOCLEVEL_SYSERR;
+ }
+#endif
+
if (OP_CONFFILE == op && argc > 0) {
warnx("-C: Too many arguments");
goto usage;
@@ -435,6 +449,14 @@ mandocdb(int argc, char *argv[])
* The existing database is usable. Process
* all files specified on the command-line.
*/
+#if HAVE_PLEDGE
+ if (!nodb && pledge("stdio rpath wpath cpath fattr flock",
+ NULL) == -1) {
+ perror("pledge");
+ exitcode = (int)MANDOCLEVEL_SYSERR;
+ goto out;
+ }
+#endif
use_all = 1;
for (i = 0; i < argc; i++)
filescan(argv[i]);
diff --git a/test-pledge.c b/test-pledge.c
new file mode 100644
index 00000000..ab2dfb47
--- /dev/null
+++ b/test-pledge.c
@@ -0,0 +1,7 @@
+#include <unistd.h>
+
+int
+main(void)
+{
+ return !!pledge("stdio", NULL);
+}