[prev in list] [next in list] [ prev in thread ] [next in thread] List: openbsd-tech Subject: Using tame() in userland From: Theo de Raadt <deraadt () cvs ! openbsd ! org> Date: 2015-08-27 20:12:08 Message-ID: 18083.1440706328 () cvs ! openbsd ! org [Download RAW message or body] This is for those of you interested in tame, and skilled enough to play along. This is a set of almost 100 diffs to programs in the tree to use tame. These have been done by myself, doug, florian, semarie, and a few other people I forget. I would make a rough guess these changes took about 100 hours of developer time; so making programs use tame() is pretty efficient. None of these examples uses the path whitelist yet. It is not perfect or final, but it shows the strategy for applying them to the base. It can make it through a 'make build'. Feel free to do tests, look for mistakes, or write diffs for other programs. Be careful writing such diffs; you need to fully understand the program and handle all cases. Not all programs can be tamed, some behaviours (like execve) are not compatible with features tame can do. Index: bin/cat/cat.c =================================================================== RCS file: /cvs/src/bin/cat/cat.c,v retrieving revision 1.21 diff -u -p -u -r1.21 cat.c --- bin/cat/cat.c 16 Jan 2015 06:39:28 -0000 1.21 +++ bin/cat/cat.c 26 Aug 2015 22:07:37 -0000 @@ -35,6 +35,7 @@ #include <sys/types.h> #include <sys/stat.h> +#include <sys/tame.h> #include <ctype.h> #include <err.h> @@ -65,6 +66,8 @@ main(int argc, char *argv[]) int ch; setlocale(LC_ALL, ""); + + tame(TAME_STDIO | TAME_RPATH, NULL); while ((ch = getopt(argc, argv, "benstuv")) != -1) switch (ch) { Index: bin/chmod/chmod.c =================================================================== RCS file: /cvs/src/bin/chmod/chmod.c,v retrieving revision 1.34 diff -u -p -u -r1.34 chmod.c --- bin/chmod/chmod.c 25 Jun 2015 02:04:08 -0000 1.34 +++ bin/chmod/chmod.c 26 Aug 2015 22:45:24 -0000 @@ -32,6 +32,7 @@ #include <sys/types.h> #include <sys/stat.h> +#include <sys/tame.h> #include <err.h> #include <errno.h> @@ -69,6 +70,8 @@ main(int argc, char *argv[]) char *ep, *mode, *cp, *flags; setlocale(LC_ALL, ""); + + tame(TAME_STDIO | TAME_RPATH | TAME_WPATH | TAME_FATTR, NULL); if (strlen(__progname) > 2) { ischown = __progname[2] == 'o'; Index: bin/dd/dd.c =================================================================== RCS file: /cvs/src/bin/dd/dd.c,v retrieving revision 1.21 diff -u -p -u -r1.21 dd.c --- bin/dd/dd.c 16 Jan 2015 06:39:31 -0000 1.21 +++ bin/dd/dd.c 26 Aug 2015 22:07:37 -0000 @@ -38,6 +38,7 @@ #include <sys/stat.h> #include <sys/ioctl.h> #include <sys/mtio.h> +#include <sys/tame.h> #include <ctype.h> #include <err.h> @@ -148,6 +149,11 @@ setup(void) pos_in(); if (out.offset) pos_out(); + + if (in.fd == STDIN_FILENO && out.fd == STDOUT_FILENO) + tame(TAME_STDIO, NULL); + else + tame(TAME_STDIO | TAME_RW, NULL); /* * Truncate the output file; ignore errors because it fails on some Index: bin/df/df.c =================================================================== RCS file: /cvs/src/bin/df/df.c,v retrieving revision 1.52 diff -u -p -u -r1.52 df.c --- bin/df/df.c 16 Jan 2015 06:39:31 -0000 1.52 +++ bin/df/df.c 27 Aug 2015 03:32:58 -0000 @@ -37,6 +37,7 @@ #include <sys/stat.h> #include <sys/mount.h> +#include <sys/tame.h> #include <err.h> #include <errno.h> @@ -78,6 +79,9 @@ main(int argc, char *argv[]) int ch, i; int width, maxwidth; char *mntpt; + + // but what about getfstat() ? + //tame(TAME_STDIO | TAME_RPATH, NULL); while ((ch = getopt(argc, argv, "hiklnPt:")) != -1) switch (ch) { Index: bin/echo/echo.c =================================================================== RCS file: /cvs/src/bin/echo/echo.c,v retrieving revision 1.8 diff -u -p -u -r1.8 echo.c --- bin/echo/echo.c 14 Dec 2014 16:55:59 -0000 1.8 +++ bin/echo/echo.c 26 Aug 2015 22:07:37 -0000 @@ -30,6 +30,8 @@ * SUCH DAMAGE. */ +#include <sys/tame.h> + #include <stdio.h> #include <string.h> @@ -38,6 +40,8 @@ int main(int argc, char *argv[]) { int nflag; + + tame(TAME_STDIO, NULL); /* This utility may NOT do getopt(3) option parsing. */ if (*++argv && !strcmp(*argv, "-n")) { Index: bin/expr/expr.c =================================================================== RCS file: /cvs/src/bin/expr/expr.c,v retrieving revision 1.20 diff -u -p -u -r1.20 expr.c --- bin/expr/expr.c 11 Aug 2015 17:15:46 -0000 1.20 +++ bin/expr/expr.c 26 Aug 2015 22:07:37 -0000 @@ -6,6 +6,8 @@ * Public domain. */ +#include <sys/tame.h> + #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -499,6 +501,8 @@ main(int argc, char *argv[]) struct val *vp; (void) setlocale(LC_ALL, ""); + + tame(TAME_STDIO, NULL); if (argc > 1 && !strcmp(argv[1], "--")) argv++; Index: bin/ls/ls.c =================================================================== RCS file: /cvs/src/bin/ls/ls.c,v retrieving revision 1.41 diff -u -p -u -r1.41 ls.c --- bin/ls/ls.c 25 Jun 2015 02:04:07 -0000 1.41 +++ bin/ls/ls.c 26 Aug 2015 22:07:37 -0000 @@ -36,6 +36,7 @@ #include <sys/types.h> #include <sys/stat.h> #include <sys/ioctl.h> +#include <sys/tame.h> #include <dirent.h> #include <err.h> @@ -122,6 +123,8 @@ ls_main(int argc, char *argv[]) if (width) termwidth = width; } + + tame(TAME_STDIO | TAME_RPATH, NULL); /* Root is -A automatically. */ if (!getuid()) Index: bin/md5/md5.c =================================================================== RCS file: /cvs/src/bin/md5/md5.c,v retrieving revision 1.79 diff -u -p -u -r1.79 md5.c --- bin/md5/md5.c 19 Jan 2015 16:43:28 -0000 1.79 +++ bin/md5/md5.c 26 Aug 2015 22:07:37 -0000 @@ -23,6 +23,7 @@ #include <sys/types.h> #include <sys/queue.h> +#include <sys/tame.h> #include <netinet/in.h> #include <ctype.h> #include <err.h> @@ -200,6 +201,8 @@ main(int argc, char **argv) int fl, error, base64, i; int bflag, cflag, pflag, rflag, tflag, xflag; + tame(TAME_STDIO | TAME_CPATH | TAME_RPATH | TAME_WPATH | TAME_RW, NULL); + TAILQ_INIT(&hl); input_string = NULL; selective_checklist = NULL; @@ -308,8 +311,11 @@ main(int argc, char **argv) argc -= optind; argv += optind; - if (ofile == NULL) + if (ofile == NULL) { ofile = stdout; + tame(TAME_STDIO | TAME_RPATH, NULL); + } else + tame(TAME_STDIO | TAME_RPATH | TAME_RW, NULL); /* Most arguments are mutually exclusive */ fl = pflag + (tflag ? 1 : 0) + xflag + cflag + (input_string != NULL); Index: bin/mkdir/mkdir.c =================================================================== RCS file: /cvs/src/bin/mkdir/mkdir.c,v retrieving revision 1.25 diff -u -p -u -r1.25 mkdir.c --- bin/mkdir/mkdir.c 2 Apr 2013 20:26:17 -0000 1.25 +++ bin/mkdir/mkdir.c 26 Aug 2015 22:07:37 -0000 @@ -32,6 +32,7 @@ #include <sys/types.h> #include <sys/stat.h> +#include <sys/tame.h> #include <err.h> #include <errno.h> @@ -54,6 +55,8 @@ main(int argc, char *argv[]) mode_t mode, dir_mode; setlocale(LC_ALL, ""); + + tame(TAME_STDIO | TAME_CPATH | TAME_RPATH | TAME_WPATH, NULL); /* * The default file mode is a=rwx (0777) with selected permissions Index: bin/pax/pax.c =================================================================== RCS file: /cvs/src/bin/pax/pax.c,v retrieving revision 1.41 diff -u -p -u -r1.41 pax.c --- bin/pax/pax.c 9 Mar 2015 04:23:29 -0000 1.41 +++ bin/pax/pax.c 26 Aug 2015 22:49:13 -0000 @@ -38,6 +38,7 @@ #include <sys/stat.h> #include <sys/time.h> #include <sys/resource.h> +#include <sys/tame.h> #include <signal.h> #include <unistd.h> #include <stdlib.h> @@ -255,6 +256,10 @@ main(int argc, char **argv) options(argc, argv); if ((gen_init() < 0) || (tty_init() < 0)) return(exit_val); + + if (gzip_program == NULL) + tame(TAME_STDIO | TAME_GETPW | TAME_IOCTL | TAME_PROC | + TAME_CPATH | TAME_WPATH | TAME_RPATH | TAME_FATTR, NULL); /* * select a primary operation mode Index: bin/pwd/pwd.c =================================================================== RCS file: /cvs/src/bin/pwd/pwd.c,v retrieving revision 1.12 diff -u -p -u -r1.12 pwd.c --- bin/pwd/pwd.c 28 May 2014 06:55:58 -0000 1.12 +++ bin/pwd/pwd.c 26 Aug 2015 22:07:37 -0000 @@ -31,6 +31,7 @@ */ #include <sys/stat.h> +#include <sys/tame.h> #include <err.h> #include <stdio.h> @@ -46,6 +47,8 @@ main(int argc, char *argv[]) { int ch, lFlag = 0; const char *p; + + tame(TAME_STDIO | TAME_RPATH, NULL); while ((ch = getopt(argc, argv, "LP")) != -1) { switch (ch) { Index: bin/sleep/sleep.c =================================================================== RCS file: /cvs/src/bin/sleep/sleep.c,v retrieving revision 1.20 diff -u -p -u -r1.20 sleep.c --- bin/sleep/sleep.c 21 Nov 2013 15:54:46 -0000 1.20 +++ bin/sleep/sleep.c 26 Aug 2015 22:07:37 -0000 @@ -30,6 +30,8 @@ * SUCH DAMAGE. */ +#include <sys/tame.h> + #include <ctype.h> #include <errno.h> #include <locale.h> @@ -55,6 +57,8 @@ main(int argc, char *argv[]) int i; setlocale(LC_ALL, ""); + + tame(TAME_MALLOC, NULL); signal(SIGALRM, alarmh); Index: bin/test/test.c =================================================================== RCS file: /cvs/src/bin/test/test.c,v retrieving revision 1.13 diff -u -p -u -r1.13 test.c --- bin/test/test.c 2 Dec 2014 18:32:05 -0000 1.13 +++ bin/test/test.c 26 Aug 2015 22:07:37 -0000 @@ -13,6 +13,8 @@ #include <sys/types.h> #include <sys/stat.h> +#include <sys/tame.h> + #include <unistd.h> #include <ctype.h> #include <errno.h> @@ -157,6 +159,8 @@ main(int argc, char *argv[]) { extern char *__progname; int res; + + tame(TAME_RPATH | TAME_MALLOC, NULL); if (strcmp(__progname, "[") == 0) { if (strcmp(argv[--argc], "]")) Index: sbin/dmesg/dmesg.c =================================================================== RCS file: /cvs/src/sbin/dmesg/dmesg.c,v retrieving revision 1.25 diff -u -p -u -r1.25 dmesg.c --- sbin/dmesg/dmesg.c 16 Jan 2015 06:39:57 -0000 1.25 +++ sbin/dmesg/dmesg.c 26 Aug 2015 22:07:37 -0000 @@ -33,6 +33,7 @@ #include <sys/types.h> #include <sys/msgbuf.h> #include <sys/sysctl.h> +#include <sys/tame.h> #include <err.h> #include <fcntl.h> @@ -107,6 +108,8 @@ main(int argc, char *argv[]) len = msgbufsize; if (sysctl(mib, 2, bufdata, &len, NULL, 0)) err(1, "sysctl: KERN_MSGBUF"); + + tame(TAME_STDIO, NULL); memcpy(&cur, bufdata, sizeof(cur)); bufdata = ((struct msgbuf *)bufdata)->msg_bufc; Index: sbin/ping/ping.c =================================================================== RCS file: /cvs/src/sbin/ping/ping.c,v retrieving revision 1.124 diff -u -p -u -r1.124 ping.c --- sbin/ping/ping.c 5 Aug 2015 12:46:12 -0000 1.124 +++ sbin/ping/ping.c 26 Aug 2015 22:07:37 -0000 @@ -55,6 +55,7 @@ #include <sys/queue.h> #include <sys/socket.h> #include <sys/time.h> +#include <sys/tame.h> #include <netinet/in.h> #include <netinet/ip.h> @@ -347,15 +348,6 @@ main(int argc, char *argv[]) if (argc != 1) usage(); - arc4random_buf(&tv64_offset, sizeof(tv64_offset)); - arc4random_buf(&mac_key, sizeof(mac_key)); - - memset(&interstr, 0, sizeof(interstr)); - - interstr.it_value.tv_sec = interval; - interstr.it_value.tv_usec = - (long) ((interval - interstr.it_value.tv_sec) * 1000000); - target = *argv; memset(&whereto, 0, sizeof(whereto)); @@ -374,6 +366,33 @@ main(int argc, char *argv[]) hostname = hnamebuf; } + if (options & F_SADDR) { + if (IN_MULTICAST(ntohl(to->sin_addr.s_addr))) + moptions |= MULTICAST_IF; + else { + memset(&whence, 0, sizeof(whence)); + whence.sin_len = sizeof(whence); + whence.sin_family = AF_INET; + memcpy(&whence.sin_addr.s_addr, &saddr, sizeof(saddr)); + if (bind(s, (struct sockaddr *)&whence, + sizeof(whence)) < 0) + err(1, "bind"); + } + } + + if (options & F_SO_DEBUG) + (void)setsockopt(s, SOL_SOCKET, SO_DEBUG, &optval, + sizeof(optval)); + + arc4random_buf(&tv64_offset, sizeof(tv64_offset)); + arc4random_buf(&mac_key, sizeof(mac_key)); + + memset(&interstr, 0, sizeof(interstr)); + + interstr.it_value.tv_sec = interval; + interstr.it_value.tv_usec = + (long) ((interval - interstr.it_value.tv_sec) * 1000000); + if (options & F_FLOOD && options & F_INTERVAL) errx(1, "-f and -i options are incompatible"); @@ -393,24 +412,6 @@ main(int argc, char *argv[]) ident = getpid() & 0xFFFF; - if (options & F_SADDR) { - if (IN_MULTICAST(ntohl(to->sin_addr.s_addr))) - moptions |= MULTICAST_IF; - else { - memset(&whence, 0, sizeof(whence)); - whence.sin_len = sizeof(whence); - whence.sin_family = AF_INET; - memcpy(&whence.sin_addr.s_addr, &saddr, sizeof(saddr)); - if (bind(s, (struct sockaddr *)&whence, - sizeof(whence)) < 0) - err(1, "bind"); - } - } - - if (options & F_SO_DEBUG) - (void)setsockopt(s, SOL_SOCKET, SO_DEBUG, &optval, - sizeof(optval)); - if (options & F_TTL) { if (IN_MULTICAST(ntohl(to->sin_addr.s_addr))) moptions |= MULTICAST_TTL; @@ -500,6 +501,11 @@ main(int argc, char *argv[]) datalen); else (void)printf("PING %s: %d data bytes

", hostname, datalen); + + if (options & F_NUMERIC) + tame(TAME_STDIO | TAME_INET, NULL); + else + tame(TAME_STDIO | TAME_INET | TAME_DNS, NULL); (void)signal(SIGINT, finish); (void)signal(SIGALRM, catcher); Index: sbin/ping6/ping6.c =================================================================== RCS file: /cvs/src/sbin/ping6/ping6.c,v retrieving revision 1.108 diff -u -p -u -r1.108 ping6.c --- sbin/ping6/ping6.c 2 May 2015 17:19:42 -0000 1.108 +++ sbin/ping6/ping6.c 26 Aug 2015 22:07:37 -0000 @@ -83,6 +83,7 @@ #include <sys/types.h> #include <sys/uio.h> #include <sys/socket.h> +#include <sys/tame.h> #include <net/if.h> #include <net/route.h> @@ -772,6 +773,11 @@ main(int argc, char *argv[]) close(dummy); } + + if (options & F_HOSTNAME) + tame(TAME_INET | TAME_DNS, NULL); + else + tame(TAME_INET, NULL); if (sockbufsize) { if (datalen > sockbufsize) Index: usr.bin/arch/arch.c =================================================================== RCS file: /cvs/src/usr.bin/arch/arch.c,v retrieving revision 1.14 diff -u -p -u -r1.14 arch.c --- usr.bin/arch/arch.c 8 Feb 2015 23:40:34 -0000 1.14 +++ usr.bin/arch/arch.c 26 Aug 2015 22:07:37 -0000 @@ -24,6 +24,7 @@ */ #include <sys/param.h> /* MACHINE MACHINE_ARCH */ +#include <sys/tame.h> #include <err.h> #include <locale.h> @@ -44,6 +45,8 @@ main(int argc, char *argv[]) char *arch, *opts; setlocale(LC_ALL, ""); + + tame(TAME_STDIO, NULL); machine = strcmp(__progname, "machine") == 0; if (machine) { Index: usr.bin/banner/banner.c =================================================================== RCS file: /cvs/src/usr.bin/banner/banner.c,v retrieving revision 1.9 diff -u -p -u -r1.9 banner.c --- usr.bin/banner/banner.c 27 Oct 2009 23:59:35 -0000 1.9 +++ usr.bin/banner/banner.c 26 Aug 2015 22:07:37 -0000 @@ -49,6 +49,8 @@ * SUCH DAMAGE. */ +#include <sys/tame.h> + #include <stdio.h> #include <unistd.h> #include <stdlib.h> @@ -152,6 +154,7 @@ main(int argc, char *argv[]) { char word[10+1]; /* strings limited to 10 chars */ + tame(TAME_STDIO, NULL); while (*++argv) { (void)strlcpy(word, *argv, sizeof (word)); scan_out(1, word, '\0'); Index: usr.bin/basename/basename.c =================================================================== RCS file: /cvs/src/usr.bin/basename/basename.c,v retrieving revision 1.9 diff -u -p -u -r1.9 basename.c --- usr.bin/basename/basename.c 27 Oct 2009 23:59:36 -0000 1.9 +++ usr.bin/basename/basename.c 26 Aug 2015 22:07:37 -0000 @@ -30,6 +30,8 @@ * SUCH DAMAGE. */ +#include <sys/tame.h> + #include <err.h> #include <libgen.h> #include <stdio.h> @@ -47,6 +49,8 @@ main(int argc, char *argv[]) char *p; setlocale(LC_ALL, ""); + + tame(TAME_STDIO, NULL); while ((ch = getopt(argc, argv, "")) != -1) { switch (ch) { Index: usr.bin/cal/cal.c =================================================================== RCS file: /cvs/src/usr.bin/cal/cal.c,v retrieving revision 1.28 diff -u -p -u -r1.28 cal.c --- usr.bin/cal/cal.c 17 Mar 2015 19:31:30 -0000 1.28 +++ usr.bin/cal/cal.c 26 Aug 2015 22:07:37 -0000 @@ -34,6 +34,7 @@ */ #include <sys/types.h> +#include <sys/tame.h> #include <ctype.h> #include <err.h> @@ -149,6 +150,8 @@ main(int argc, char *argv[]) time_t now; int ch, month, year, yflag; const char *errstr; + + tame(TAME_STDIO, NULL); yflag = year = 0; while ((ch = getopt(argc, argv, "jmwy")) != -1) Index: usr.bin/col/col.c =================================================================== RCS file: /cvs/src/usr.bin/col/col.c,v retrieving revision 1.17 diff -u -p -u -r1.17 col.c --- usr.bin/col/col.c 9 May 2015 20:36:18 -0000 1.17 +++ usr.bin/col/col.c 26 Aug 2015 22:07:37 -0000 @@ -33,6 +33,8 @@ * SUCH DAMAGE. */ +#include <sys/tame.h> + #include <ctype.h> #include <err.h> #include <string.h> @@ -112,6 +114,8 @@ main(int argc, char *argv[]) int nflushd_lines; /* number of lines that were flushed */ int adjust, opt, warned; const char *errstr; + + tame(TAME_STDIO, NULL); max_bufd_lines = 256; compress_spaces = 1; /* compress spaces into tabs */ Index: usr.bin/colrm/colrm.c =================================================================== RCS file: /cvs/src/usr.bin/colrm/colrm.c,v retrieving revision 1.9 diff -u -p -u -r1.9 colrm.c --- usr.bin/colrm/colrm.c 27 Oct 2009 23:59:36 -0000 1.9 +++ usr.bin/colrm/colrm.c 26 Aug 2015 22:07:37 -0000 @@ -31,6 +31,7 @@ */ #include <sys/types.h> +#include <sys/tame.h> #include <err.h> #include <errno.h> @@ -51,6 +52,8 @@ main(int argc, char *argv[]) u_long column, start, stop; int ch; char *p; + + tame(TAME_STDIO, NULL); while ((ch = getopt(argc, argv, "")) != -1) switch(ch) { Index: usr.bin/column/column.c =================================================================== RCS file: /cvs/src/usr.bin/column/column.c,v retrieving revision 1.19 diff -u -p -u -r1.19 column.c --- usr.bin/column/column.c 22 May 2014 19:50:34 -0000 1.19 +++ usr.bin/column/column.c 26 Aug 2015 22:07:37 -0000 @@ -32,6 +32,7 @@ #include <sys/types.h> #include <sys/ioctl.h> +#include <sys/tame.h> #include <ctype.h> #include <err.h> @@ -67,6 +68,8 @@ main(int argc, char *argv[]) char *p; const char *errstr; + tame(TAME_STDIO | TAME_RPATH | TAME_IOCTL, NULL); + if (ioctl(1, TIOCGWINSZ, &win) == -1 || !win.ws_col) { if ((p = getenv("COLUMNS")) && *p != '\0') { termwidth = strtonum(p, 1, INT_MAX, &errstr); @@ -100,16 +103,21 @@ main(int argc, char *argv[]) argc -= optind; argv += optind; - if (!*argv) + if (!*argv) { input(stdin); - else for (; *argv; ++argv) - if ((fp = fopen(*argv, "r"))) { - input(fp); - (void)fclose(fp); - } else { - warn("%s", *argv); - eval = 1; + tame(TAME_STDIO, NULL); + } else { + tame(TAME_STDIO | TAME_RPATH, NULL); + for (; *argv; ++argv) { + if ((fp = fopen(*argv, "r"))) { + input(fp); + (void)fclose(fp); + } else { + warn("%s", *argv); + eval = 1; + } } + } if (!entries) exit(eval); Index: usr.bin/comm/comm.c =================================================================== RCS file: /cvs/src/usr.bin/comm/comm.c,v retrieving revision 1.8 diff -u -p -u -r1.8 comm.c --- usr.bin/comm/comm.c 27 Oct 2009 23:59:37 -0000 1.8 +++ usr.bin/comm/comm.c 26 Aug 2015 22:07:37 -0000 @@ -33,6 +33,8 @@ * SUCH DAMAGE. */ +#include <sys/tame.h> + #include <err.h> #include <limits.h> #include <locale.h> @@ -60,6 +62,8 @@ main(int argc, char *argv[]) int (*compare)(const char * ,const char *); setlocale(LC_ALL, ""); + + tame(TAME_STDIO | TAME_RPATH, NULL); flag1 = flag2 = flag3 = 1; compare = strcoll; Index: usr.bin/compress/main.c =================================================================== RCS file: /cvs/src/usr.bin/compress/main.c,v retrieving revision 1.85 diff -u -p -u -r1.85 main.c --- usr.bin/compress/main.c 25 Jun 2015 02:04:08 -0000 1.85 +++ usr.bin/compress/main.c 26 Aug 2015 22:07:37 -0000 @@ -30,6 +30,7 @@ * THE POSSIBILITY OF SUCH DAMAGE. */ +#include <sys/tame.h> #include <sys/time.h> #include <sys/stat.h> @@ -166,6 +167,8 @@ main(int argc, char *argv[]) char *p, *infile; char outfile[PATH_MAX], _infile[PATH_MAX], suffix[16]; int bits, ch, error, rc, cflag, oflag; + + tame(TAME_STDIO|TAME_WPATH|TAME_CPATH, NULL); bits = cflag = oflag = 0; storename = -1; Index: usr.bin/csplit/csplit.c =================================================================== RCS file: /cvs/src/usr.bin/csplit/csplit.c,v retrieving revision 1.5 diff -u -p -u -r1.5 csplit.c --- usr.bin/csplit/csplit.c 20 May 2014 01:25:23 -0000 1.5 +++ usr.bin/csplit/csplit.c 26 Aug 2015 22:07:37 -0000 @@ -45,6 +45,7 @@ * assumption about the input. */ +#include <sys/tame.h> #include <sys/types.h> #include <ctype.h> @@ -103,6 +104,8 @@ main(int argc, char *argv[]) setlocale(LC_ALL, ""); + tame(TAME_STDIO | TAME_RPATH | TAME_WPATH | TAME_CPATH, NULL); + kflag = sflag = 0; prefix = "xx"; sufflen = 2; @@ -140,6 +143,7 @@ main(int argc, char *argv[]) if (strcmp(infn, "-") == 0) { infile = stdin; infn = "stdin"; + tame(TAME_STDIO | TAME_WPATH | TAME_CPATH, NULL); } else if ((infile = fopen(infn, "r")) == NULL) err(1, "%s", infn); Index: usr.bin/cut/cut.c =================================================================== RCS file: /cvs/src/usr.bin/cut/cut.c,v retrieving revision 1.19 diff -u -p -u -r1.19 cut.c --- usr.bin/cut/cut.c 18 Aug 2015 17:10:48 -0000 1.19 +++ usr.bin/cut/cut.c 26 Aug 2015 22:07:37 -0000 @@ -33,6 +33,8 @@ * SUCH DAMAGE. */ +#include <sys/tame.h> + #include <ctype.h> #include <err.h> #include <errno.h> @@ -62,6 +64,8 @@ main(int argc, char *argv[]) int ch, rval; setlocale (LC_ALL, ""); + + tame(TAME_STDIO | TAME_RPATH, NULL); dchar = '\t'; /* default delimiter is \t */ Index: usr.bin/dc/dc.c =================================================================== RCS file: /cvs/src/usr.bin/dc/dc.c,v retrieving revision 1.13 diff -u -p -u -r1.13 dc.c --- usr.bin/dc/dc.c 26 Nov 2014 18:34:51 -0000 1.13 +++ usr.bin/dc/dc.c 26 Aug 2015 22:07:37 -0000 @@ -17,6 +17,7 @@ */ #include <sys/stat.h> +#include <sys/tame.h> #include <err.h> #include <errno.h> #include <stdlib.h> @@ -47,6 +48,7 @@ main(int argc, char *argv[]) char *buf, *p; struct stat st; + tame(TAME_STDIO | TAME_RW, NULL); if ((buf = strdup("")) == NULL) err(1, NULL); Index: usr.bin/deroff/deroff.c =================================================================== RCS file: /cvs/src/usr.bin/deroff/deroff.c,v retrieving revision 1.11 diff -u -p -u -r1.11 deroff.c --- usr.bin/deroff/deroff.c 9 Feb 2015 11:39:17 -0000 1.11 +++ usr.bin/deroff/deroff.c 26 Aug 2015 22:07:37 -0000 @@ -62,6 +62,8 @@ * POSSIBILITY OF SUCH DAMAGE. */ +#include <sys/tame.h> + #include <err.h> #include <limits.h> #include <stdio.h> @@ -260,6 +262,8 @@ main(int ac, char **av) int errflg = 0; int kflag = NO; + tame(TAME_STDIO | TAME_RPATH, NULL); + iflag = NO; wordflag = NO; msflag = NO; @@ -331,6 +335,7 @@ main(int ac, char **av) #endif /* DEBUG */ if (argc == 0) { infile = stdin; + tame(TAME_STDIO, NULL); } else { infile = opn(argv[0]); --argc; Index: usr.bin/diff/diff.c =================================================================== RCS file: /cvs/src/usr.bin/diff/diff.c,v retrieving revision 1.59 diff -u -p -u -r1.59 diff.c --- usr.bin/diff/diff.c 29 Apr 2015 04:00:25 -0000 1.59 +++ usr.bin/diff/diff.c 26 Aug 2015 22:07:37 -0000 @@ -21,6 +21,7 @@ */ #include <sys/stat.h> +#include <sys/tame.h> #include <ctype.h> #include <err.h> @@ -216,6 +217,9 @@ main(int argc, char **argv) } argc -= optind; argv += optind; + + if (lflag == 0) + tame(TAME_STDIO | TAME_WPATH | TAME_RPATH | TAME_TMPPATH, NULL); /* * Do sanity checks, fill in stb1 and stb2 and call the appropriate Index: usr.bin/diff3/diff3prog.c =================================================================== RCS file: /cvs/src/usr.bin/diff3/diff3prog.c,v retrieving revision 1.14 diff -u -p -u -r1.14 diff3prog.c --- usr.bin/diff3/diff3prog.c 1 Dec 2014 06:36:32 -0000 1.14 +++ usr.bin/diff3/diff3prog.c 26 Aug 2015 22:07:37 -0000 @@ -64,6 +64,8 @@ * @(#)diff3.c 8.1 (Berkeley) 6/6/93 */ +#include <sys/tame.h> + #include <ctype.h> #include <err.h> #include <stdio.h> @@ -144,6 +146,8 @@ int main(int argc, char **argv) { int ch, i, m, n; + + tame(TAME_STDIO | TAME_RPATH, NULL); eflag = 0; oflag = 0; Index: usr.bin/dirname/dirname.c =================================================================== RCS file: /cvs/src/usr.bin/dirname/dirname.c,v retrieving revision 1.13 diff -u -p -u -r1.13 dirname.c --- usr.bin/dirname/dirname.c 10 Aug 2010 22:05:36 -0000 1.13 +++ usr.bin/dirname/dirname.c 26 Aug 2015 22:07:37 -0000 @@ -16,6 +16,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include <sys/tame.h> + #include <err.h> #include <libgen.h> #include <locale.h> @@ -32,6 +34,8 @@ main(int argc, char *argv[]) char *dir; setlocale(LC_ALL, ""); + + tame(TAME_STDIO, NULL); while ((ch = getopt(argc, argv, "")) != -1) { switch (ch) { Index: usr.bin/expand/expand.c =================================================================== RCS file: /cvs/src/usr.bin/expand/expand.c,v retrieving revision 1.12 diff -u -p -u -r1.12 expand.c --- usr.bin/expand/expand.c 26 Nov 2013 13:18:55 -0000 1.12 +++ usr.bin/expand/expand.c 26 Aug 2015 22:07:37 -0000 @@ -30,6 +30,8 @@ * SUCH DAMAGE. */ +#include <sys/tame.h> + #include <stdio.h> #include <stdlib.h> #include <ctype.h> @@ -50,6 +52,8 @@ main(int argc, char *argv[]) { int c, column; int n; + + tame(TAME_STDIO|TAME_RPATH, NULL); /* handle obsolete syntax */ while (argc > 1 && argv[1][0] == '-' && Index: usr.bin/fgen/fgen.l =================================================================== RCS file: /cvs/src/usr.bin/fgen/fgen.l,v retrieving revision 1.10 diff -u -p -u -r1.10 fgen.l --- usr.bin/fgen/fgen.l 30 Dec 2013 21:52:21 -0000 1.10 +++ usr.bin/fgen/fgen.l 26 Aug 2015 22:07:37 -0000 @@ -53,6 +53,7 @@ white [ \t

\r\f] tail {white} %{ +#include <sys/tame.h> #include <sys/types.h> #include <assert.h> @@ -959,6 +960,8 @@ main(argc, argv) YY_BUFFER_STATE inbuf; char *hdrtype = "version1"; int i; + + tame(TAME_STDIO | TAME_RPATH | TAME_WPATH | TAME_CPATH, NULL); outf = 1; /* stdout */ myname = argv[0]; Index: usr.bin/file/Makefile =================================================================== RCS file: /cvs/src/usr.bin/file/Makefile,v retrieving revision 1.15 diff -u -p -u -r1.15 Makefile --- usr.bin/file/Makefile 27 Apr 2015 13:52:17 -0000 1.15 +++ usr.bin/file/Makefile 26 Aug 2015 22:07:37 -0000 @@ -1,7 +1,7 @@ # $OpenBSD: Makefile,v 1.15 2015/04/27 13:52:17 nicm Exp $ PROG= file -SRCS= file.c magic-dump.c magic-load.c magic-test.c magic-common.c sandbox.c \ +SRCS= file.c magic-dump.c magic-load.c magic-test.c magic-common.c \ text.c xmalloc.c MAN= file.1 magic.5 Index: usr.bin/file/file.c =================================================================== RCS file: /cvs/src/usr.bin/file/file.c,v retrieving revision 1.47 diff -u -p -u -r1.47 file.c --- usr.bin/file/file.c 12 Jul 2015 09:51:25 -0000 1.47 +++ usr.bin/file/file.c 26 Aug 2015 22:07:37 -0000 @@ -20,6 +20,7 @@ #include <sys/ioctl.h> #include <sys/mman.h> #include <sys/socket.h> +#include <sys/tame.h> #include <sys/queue.h> #include <sys/uio.h> #include <sys/wait.h> @@ -115,7 +116,7 @@ usage(void) int main(int argc, char **argv) { - int opt, pair[2], fd, idx; + int opt, pair[2], fd, idx, mode; char *home; struct passwd *pw; struct imsgbuf ibuf; @@ -191,8 +192,10 @@ main(int argc, char **argv) parent = getpid(); if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, pair) != 0) err(1, "socketpair"); - pid = sandbox_fork(FILE_USER); - if (pid == 0) { + switch (pid = fork()) { + case -1: + err(1, "fork"); + case 0: close(pair[0]); child(pair[1], parent, argc, argv); } @@ -219,10 +222,21 @@ main(int argc, char **argv) fd = -1; msg.error = errno; } else { - fd = open(argv[idx], O_RDONLY|O_NONBLOCK); - if (fd == -1 && (errno == ENFILE || errno == EMFILE)) - err(1, "open"); - if (S_ISLNK(msg.sb.st_mode)) + /* + * tame(2) doesn't let us pass directory file + * descriptors around but we don't need them, so don't + * open directories or symlinks (which could be to + * directories). + */ + mode = msg.sb.st_mode; + if (!S_ISDIR(mode) && !S_ISLNK(mode)) { + fd = open(argv[idx], O_RDONLY|O_NONBLOCK); + if (fd == -1 && + (errno == ENFILE || errno == EMFILE)) + err(1, "open"); + } else + fd = -1; + if (S_ISLNK(mode)) read_link(&msg, argv[idx]); } send_message(&ibuf, &msg, sizeof msg, fd); @@ -327,6 +341,7 @@ read_link(struct input_msg *msg, const c static __dead void child(int fd, pid_t parent, int argc, char **argv) { + struct passwd *pw; struct magic *m; struct imsgbuf ibuf; struct imsg imsg; @@ -336,6 +351,24 @@ child(int fd, pid_t parent, int argc, ch int i, idx; size_t len, width = 0; + if (tame(TAME_STDIO|TAME_CMSG|TAME_GETPW|TAME_PROC, NULL) != 0) + err(1, "tame"); + + if (geteuid() == 0) { + pw = getpwnam(FILE_USER); + if (pw == NULL) + errx(1, "unknown user %s", FILE_USER); + if (setgroups(1, &pw->pw_gid) != 0) + err(1, "setgroups"); + if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) + err(1, "setresgid"); + if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) + err(1, "setresuid"); + } + + if (tame(TAME_STDIO|TAME_CMSG, NULL) != 0) + err(1, "tame"); + m = magic_load(magicfp, magicpath, cflag || Wflag); if (cflag) { magic_dump(m); @@ -523,6 +556,8 @@ try_access(struct input_file *inf) { char tmp[256] = ""; + if (inf->msg->sb.st_size == 0 && S_ISREG(inf->msg->sb.st_mode)) + return (0); /* empty file */ if (inf->fd != -1) return (0); Index: usr.bin/finger/finger.c =================================================================== RCS file: /cvs/src/usr.bin/finger/finger.c,v retrieving revision 1.20 diff -u -p -u -r1.20 finger.c --- usr.bin/finger/finger.c 20 Aug 2015 22:32:41 -0000 1.20 +++ usr.bin/finger/finger.c 26 Aug 2015 22:07:37 -0000 @@ -58,6 +58,7 @@ #include <sys/file.h> #include <sys/stat.h> +#include <sys/tame.h> #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -125,6 +126,8 @@ main(int argc, char *argv[]) if (sb.st_size > 1048576) mflag++; } + + tame(TAME_STDIO | TAME_GETPW | TAME_RPATH, NULL); (void)time(&now); setpassent(1); Index: usr.bin/fmt/fmt.c =================================================================== RCS file: /cvs/src/usr.bin/fmt/fmt.c,v retrieving revision 1.30 diff -u -p -u -r1.30 fmt.c --- usr.bin/fmt/fmt.c 26 Nov 2013 13:18:55 -0000 1.30 +++ usr.bin/fmt/fmt.c 26 Aug 2015 22:07:37 -0000 @@ -168,6 +168,8 @@ * Initial revision */ +#include <sys/tame.h> + #include <ctype.h> #include <err.h> #include <locale.h> @@ -255,6 +257,8 @@ main(int argc, char *argv[]) (void)setlocale(LC_CTYPE, ""); + tame(TAME_STDIO | TAME_RPATH, NULL); + /* 1. Grok parameters. */ while ((ch = getopt(argc, argv, "0123456789cd:hl:mnpst:w:")) != -1) { switch (ch) { @@ -337,6 +341,7 @@ main(int argc, char *argv[]) while (argc-- > 0) process_named_file(*argv++); } else { + tame(TAME_STDIO, NULL); process_stream(stdin, "standard input"); } Index: usr.bin/fold/fold.c =================================================================== RCS file: /cvs/src/usr.bin/fold/fold.c,v retrieving revision 1.15 diff -u -p -u -r1.15 fold.c --- usr.bin/fold/fold.c 6 Feb 2015 09:10:55 -0000 1.15 +++ usr.bin/fold/fold.c 26 Aug 2015 22:07:37 -0000 @@ -33,6 +33,8 @@ * SUCH DAMAGE. */ +#include <sys/tame.h> + #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -56,6 +58,8 @@ main(int argc, char *argv[]) unsigned int width; const char *errstr; + tame(TAME_STDIO | TAME_RPATH, NULL); + width = 0; lastch = '\0'; prevoptind = 1; @@ -99,14 +103,18 @@ main(int argc, char *argv[]) if (width == 0) width = DEFLINEWIDTH; - if (!*argv) + if (!*argv) { + tame(TAME_STDIO, NULL); fold(width); - else for (; *argv; ++argv) - if (!freopen(*argv, "r", stdin)) { - err(1, "%s", *argv); - /* NOTREACHED */ - } else - fold(width); + } else { + for (; *argv; ++argv) { + if (!freopen(*argv, "r", stdin)) + err(1, "%s", *argv); + /* NOTREACHED */ + else + fold(width); + } + } exit(0); } Index: usr.bin/from/from.c =================================================================== RCS file: /cvs/src/usr.bin/from/from.c,v retrieving revision 1.20 diff -u -p -u -r1.20 from.c --- usr.bin/from/from.c 3 Jun 2015 18:08:54 -0000 1.20 +++ usr.bin/from/from.c 26 Aug 2015 22:18:10 -0000 @@ -31,6 +31,7 @@ */ #include <sys/types.h> +#include <sys/tame.h> #include <ctype.h> #include <pwd.h> #include <stdio.h> @@ -80,6 +81,7 @@ main(int argc, char *argv[]) exit(EXIT_SUCCESS); err(1, "%s", file); } + tame(TAME_STDIO, NULL); for (newline = 1; (linelen = getline(&line, &linesize, fp)) != -1;) { if (*line == '

') { newline = 1; @@ -98,6 +100,8 @@ char * mail_spool(char *file, const char *user) { struct passwd *pwd; + + tame(TAME_STDIO | TAME_RPATH | TAME_GETPW, NULL); /* * We find the mailbox by: Index: usr.bin/getopt/getopt.c =================================================================== RCS file: /cvs/src/usr.bin/getopt/getopt.c,v retrieving revision 1.8 diff -u -p -u -r1.8 getopt.c --- usr.bin/getopt/getopt.c 27 Oct 2009 23:59:38 -0000 1.8 +++ usr.bin/getopt/getopt.c 26 Aug 2015 22:07:37 -0000 @@ -5,6 +5,8 @@ * into the public domain and is thus not subject to any copyright. */ +#include <sys/tame.h> + #include <stdio.h> #include <stdlib.h> #include <unistd.h> @@ -16,6 +18,8 @@ main(int argc, char *argv[]) extern char *optarg; int c; int status = 0; + + tame(TAME_STDIO, NULL); optind = 2; /* Past the program name and the option letters. */ while ((c = getopt(argc, argv, argv[1])) != -1) Index: usr.bin/grep/grep.c =================================================================== RCS file: /cvs/src/usr.bin/grep/grep.c,v retrieving revision 1.51 diff -u -p -u -r1.51 grep.c --- usr.bin/grep/grep.c 30 Apr 2015 13:49:04 -0000 1.51 +++ usr.bin/grep/grep.c 26 Aug 2015 22:07:37 -0000 @@ -28,6 +28,7 @@ #include <sys/types.h> #include <sys/stat.h> +#include <sys/tame.h> #include <sys/queue.h> #include <ctype.h> @@ -236,6 +237,8 @@ main(int argc, char *argv[]) struct patfile *patfile, *pf_next; long l; char *ep, **expr; + + tame(TAME_STDIO | TAME_RPATH, NULL); SLIST_INIT(&patfilelh); switch (__progname[0]) { Index: usr.bin/head/head.c =================================================================== RCS file: /cvs/src/usr.bin/head/head.c,v retrieving revision 1.18 diff -u -p -u -r1.18 head.c --- usr.bin/head/head.c 8 Oct 2014 08:31:53 -0000 1.18 +++ usr.bin/head/head.c 26 Aug 2015 22:18:36 -0000 @@ -29,6 +29,8 @@ * SUCH DAMAGE. */ +#include <sys/tame.h> + #include <stdio.h> #include <stdlib.h> #include <ctype.h> @@ -55,6 +57,8 @@ main(int argc, char *argv[]) char *p = NULL; int status = 0; + tame(TAME_STDIO | TAME_FATTR, NULL); + /* handle obsolete -number syntax */ if (argc > 1 && argv[1][0] == '-' && isdigit((unsigned char)argv[1][1])) { @@ -87,6 +91,7 @@ main(int argc, char *argv[]) if (!firsttime) exit(status); fp = stdin; + tame(TAME_STDIO, NULL); } else { if ((fp = fopen(*argv, "r")) == NULL) { warn("%s", *argv++); Index: usr.bin/hexdump/hexdump.c =================================================================== RCS file: /cvs/src/usr.bin/hexdump/hexdump.c,v retrieving revision 1.17 diff -u -p -u -r1.17 hexdump.c --- usr.bin/hexdump/hexdump.c 16 Jan 2015 06:40:08 -0000 1.17 +++ usr.bin/hexdump/hexdump.c 26 Aug 2015 22:07:37 -0000 @@ -30,6 +30,8 @@ * SUCH DAMAGE. */ +#include <sys/tame.h> + #include <err.h> #include <stdio.h> #include <stdlib.h> @@ -52,6 +54,8 @@ main(int argc, char *argv[]) { FS *tfs; char *p; + + tame(TAME_STDIO | TAME_RPATH, NULL); if (!(p = strrchr(argv[0], 'o')) || strcmp(p, "od")) newsyntax(argc, &argv); Index: usr.bin/id/id.c =================================================================== RCS file: /cvs/src/usr.bin/id/id.c,v retrieving revision 1.23 diff -u -p -u -r1.23 id.c --- usr.bin/id/id.c 19 May 2015 16:03:19 -0000 1.23 +++ usr.bin/id/id.c 26 Aug 2015 22:07:37 -0000 @@ -29,6 +29,7 @@ * SUCH DAMAGE. */ +#include <sys/tame.h> #include <err.h> #include <errno.h> #include <grp.h> @@ -104,6 +105,8 @@ main(int argc, char *argv[]) } argc -= optind; argv += optind; + + tame(TAME_STDIO | TAME_GETPW, NULL); switch (cflag + Gflag + gflag + pflag + uflag) { case 1: Index: usr.bin/indent/indent.c =================================================================== RCS file: /cvs/src/usr.bin/indent/indent.c,v retrieving revision 1.27 diff -u -p -u -r1.27 indent.c --- usr.bin/indent/indent.c 20 Aug 2015 22:32:41 -0000 1.27 +++ usr.bin/indent/indent.c 26 Aug 2015 22:07:37 -0000 @@ -32,6 +32,8 @@ * SUCH DAMAGE. */ +#include <sys/tame.h> + #include <fcntl.h> #include <unistd.h> #include <limits.h> @@ -78,6 +80,7 @@ main(int argc, char **argv) int last_else = 0; /* true iff last keyword was an else */ + tame(TAME_STDIO | TAME_RPATH | TAME_WPATH | TAME_CPATH | TAME_TMPPATH, NULL); /*-----------------------------------------------*\ | INITIALIZATION | Index: usr.bin/infocmp/infocmp.c =================================================================== RCS file: /cvs/src/usr.bin/infocmp/infocmp.c,v retrieving revision 1.20 diff -u -p -u -r1.20 infocmp.c --- usr.bin/infocmp/infocmp.c 12 Jan 2010 23:22:13 -0000 1.20 +++ usr.bin/infocmp/infocmp.c 26 Aug 2015 22:07:37 -0000 @@ -40,6 +40,8 @@ * and Thomas E Dickey */ +#include <sys/tame.h> + #include <progs.priv.h> #include <dump_entry.h> @@ -1281,6 +1283,8 @@ main(int argc, char *argv[]) int initdump = 0; bool init_analyze = FALSE; bool suppress_untranslatable = FALSE; + + tame(TAME_STDIO | TAME_RPATH, NULL); /* where is the terminfo database location going to default to? */ restdir = firstdir = 0; Index: usr.bin/join/join.c =================================================================== RCS file: /cvs/src/usr.bin/join/join.c,v retrieving revision 1.25 diff -u -p -u -r1.25 join.c --- usr.bin/join/join.c 21 Jul 2015 04:42:59 -0000 1.25 +++ usr.bin/join/join.c 26 Aug 2015 22:07:37 -0000 @@ -33,6 +33,8 @@ * SUCH DAMAGE. */ +#include <sys/tame.h> + #include <err.h> #include <stdio.h> #include <stdlib.h> @@ -103,6 +105,8 @@ main(int argc, char *argv[]) INPUT *F1, *F2; int aflag, ch, cval, vflag; char *end; + + tame(TAME_STDIO | TAME_RPATH, NULL); F1 = &input1; F2 = &input2; Index: usr.bin/jot/jot.c =================================================================== RCS file: /cvs/src/usr.bin/jot/jot.c,v retrieving revision 1.24 diff -u -p -u -r1.24 jot.c --- usr.bin/jot/jot.c 21 Jul 2015 04:04:06 -0000 1.24 +++ usr.bin/jot/jot.c 26 Aug 2015 22:07:37 -0000 @@ -1,4 +1,4 @@ -/* $OpenBSD: jot.c,v 1.24 2015/07/21 04:04:06 jasper Exp $ */ +/* $OpenBSD: jot.c,v 1.23 2013/11/26 13:21:18 deraadt Exp $ */ /* $NetBSD: jot.c,v 1.3 1994/12/02 20:29:43 pk Exp $ */ /*- @@ -36,6 +36,8 @@ * Author: John Kunze, Office of Comp. Affairs, UCB */ +#include <sys/tame.h> + #include <err.h> #include <stdbool.h> #include <ctype.h> @@ -83,6 +85,8 @@ main(int argc, char *argv[]) int n = 0; int ch; const char *errstr; + + tame(TAME_STDIO, NULL); while ((ch = getopt(argc, argv, "rb:w:cs:np:")) != -1) switch (ch) { Index: usr.bin/kdump/kdump.c =================================================================== RCS file: /cvs/src/usr.bin/kdump/kdump.c,v retrieving revision 1.103 diff -u -p -u -r1.103 kdump.c --- usr.bin/kdump/kdump.c 19 Jul 2015 04:45:25 -0000 1.103 +++ usr.bin/kdump/kdump.c 26 Aug 2015 22:07:37 -0000 @@ -46,6 +46,7 @@ #include <sys/vmmeter.h> #include <sys/tty.h> #include <sys/wait.h> +#include <sys/tame.h> #define _KERNEL #include <errno.h> #undef _KERNEL @@ -240,6 +241,8 @@ main(int argc, char *argv[]) } if (argc > optind) usage(); + + tame(TAME_MALLOC | TAME_RPATH, NULL); m = malloc(size = 1025); if (m == NULL) Index: usr.bin/lam/lam.c =================================================================== RCS file: /cvs/src/usr.bin/lam/lam.c,v retrieving revision 1.17 diff -u -p -u -r1.17 lam.c --- usr.bin/lam/lam.c 16 Jan 2015 06:40:09 -0000 1.17 +++ usr.bin/lam/lam.c 26 Aug 2015 22:07:37 -0000 @@ -36,6 +36,7 @@ */ #include <sys/param.h> /* NOFILE_MAX */ +#include <sys/tame.h> #include <ctype.h> #include <err.h> @@ -70,6 +71,8 @@ int main(int argc, char *argv[]) { int i; + + tame(TAME_STDIO | TAME_RPATH, NULL); /* Process arguments, set numfiles to file argument count. */ getargs(argc, argv); Index: usr.bin/lastcomm/lastcomm.c =================================================================== RCS file: /cvs/src/usr.bin/lastcomm/lastcomm.c,v retrieving revision 1.21 diff -u -p -u -r1.21 lastcomm.c --- usr.bin/lastcomm/lastcomm.c 15 Mar 2015 00:41:28 -0000 1.21 +++ usr.bin/lastcomm/lastcomm.c 26 Aug 2015 22:07:37 -0000 @@ -33,6 +33,7 @@ #include <sys/param.h> /* NODEV */ #include <sys/stat.h> #include <sys/acct.h> +#include <sys/tame.h> #include <ctype.h> #include <err.h> @@ -68,6 +69,8 @@ main(int argc, char *argv[]) double delta; int ch; char *acctfile; + + tame(TAME_STDIO | TAME_RPATH, NULL); acctfile = _PATH_ACCT; while ((ch = getopt(argc, argv, "f:")) != -1) Index: usr.bin/leave/leave.c =================================================================== RCS file: /cvs/src/usr.bin/leave/leave.c,v retrieving revision 1.15 diff -u -p -u -r1.15 leave.c --- usr.bin/leave/leave.c 16 Jan 2015 06:40:09 -0000 1.15 +++ usr.bin/leave/leave.c 26 Aug 2015 22:07:37 -0000 @@ -30,7 +30,9 @@ * SUCH DAMAGE. */ +#include <sys/tame.h> #include <sys/time.h> + #include <ctype.h> #include <err.h> #include <stdio.h> @@ -62,7 +64,9 @@ main(int argc, char *argv[]) time_t now; int plusnow = 0, twentyfour; char buf[50]; - + + tame(TAME_STDIO | TAME_PROC, NULL); + if (setvbuf(stdout, NULL, _IOLBF, 0) != 0) errx(1, "Cannot set stdout to line buffered."); Index: usr.bin/logger/logger.c =================================================================== RCS file: /cvs/src/usr.bin/logger/logger.c,v retrieving revision 1.14 diff -u -p -u -r1.14 logger.c --- usr.bin/logger/logger.c 18 Apr 2015 18:28:37 -0000 1.14 +++ usr.bin/logger/logger.c 26 Aug 2015 22:07:37 -0000 @@ -30,6 +30,7 @@ * SUCH DAMAGE. */ +#include <sys/tame.h> #include <errno.h> #include <unistd.h> #include <limits.h> @@ -91,6 +92,8 @@ main(int argc, char *argv[]) /* setup for logging */ openlog(tag ? tag : getlogin(), logflags, 0); (void) fclose(stdout); + + tame(TAME_STDIO, NULL); /* log input line if appropriate */ if (argc > 0) { Index: usr.bin/logname/logname.c =================================================================== RCS file: /cvs/src/usr.bin/logname/logname.c,v retrieving revision 1.7 diff -u -p -u -r1.7 logname.c --- usr.bin/logname/logname.c 27 Oct 2009 23:59:40 -0000 1.7 +++ usr.bin/logname/logname.c 26 Aug 2015 22:07:37 -0000 @@ -30,6 +30,8 @@ * SUCH DAMAGE. */ +#include <sys/tame.h> + #include <stdio.h> #include <stdlib.h> #include <locale.h> @@ -45,6 +47,8 @@ main(int argc, char *argv[]) char *p; setlocale(LC_ALL, ""); + + tame(TAME_STDIO | TAME_GETPW, NULL); while ((ch = getopt(argc, argv, "")) != -1) switch (ch) { Index: usr.bin/look/look.c =================================================================== RCS file: /cvs/src/usr.bin/look/look.c,v retrieving revision 1.16 diff -u -p -u -r1.16 look.c --- usr.bin/look/look.c 6 Feb 2015 23:21:59 -0000 1.16 +++ usr.bin/look/look.c 26 Aug 2015 22:07:37 -0000 @@ -44,6 +44,7 @@ #include <sys/types.h> #include <sys/mman.h> #include <sys/stat.h> +#include <sys/tame.h> #include <ctype.h> #include <errno.h> @@ -87,6 +88,8 @@ main(int argc, char *argv[]) struct stat sb; int ch, fd, termchar; char *back, *file, *front, *string, *p; + + tame(TAME_STDIO | TAME_MALLOC | TAME_RPATH, NULL); file = _PATH_WORDS; termchar = '\0'; Index: usr.bin/mktemp/mktemp.c =================================================================== RCS file: /cvs/src/usr.bin/mktemp/mktemp.c,v retrieving revision 1.20 diff -u -p -u -r1.20 mktemp.c --- usr.bin/mktemp/mktemp.c 6 Aug 2013 21:56:51 -0000 1.20 +++ usr.bin/mktemp/mktemp.c 26 Aug 2015 22:07:37 -0000 @@ -17,6 +17,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include <sys/tame.h> + #include <err.h> #include <paths.h> #include <stdarg.h> @@ -37,6 +39,8 @@ main(int argc, char *argv[]) int ch, fd, uflag = 0, tflag = 0, makedir = 0; char *cp, *template, *tempfile, *prefix = _PATH_TMP; size_t len; + + tame(TAME_STDIO | TAME_WPATH | TAME_CPATH, NULL); while ((ch = getopt(argc, argv, "dp:qtu")) != -1) switch(ch) { Index: usr.bin/nl/nl.c =================================================================== RCS file: /cvs/src/usr.bin/nl/nl.c,v retrieving revision 1.4 diff -u -p -u -r1.4 nl.c --- usr.bin/nl/nl.c 21 Jan 2015 22:28:09 -0000 1.4 +++ usr.bin/nl/nl.c 26 Aug 2015 22:07:37 -0000 @@ -30,6 +30,8 @@ * POSSIBILITY OF SUCH DAMAGE. */ +#include <sys/tame.h> + #include <err.h> #include <errno.h> #include <limits.h> @@ -118,6 +120,8 @@ main(int argc, char *argv[]) (void)setlocale(LC_ALL, ""); + tame(TAME_STDIO | TAME_RPATH, NULL); + while ((c = getopt(argc, argv, "pb:d:f:h:i:l:n:s:v:w:")) != -1) { switch (c) { case 'p': @@ -204,10 +208,13 @@ main(int argc, char *argv[]) switch (argc) { case 0: + /* Read from stdin. */ + tame(TAME_STDIO, NULL); break; case 1: - if (strcmp(argv[0], "-") != 0 && - freopen(argv[0], "r", stdin) == NULL) + if (strcmp(argv[0], "-") == 0) + tame(TAME_STDIO, NULL); + else if (freopen(argv[0], "r", stdin) == NULL) err(EXIT_FAILURE, "%s", argv[0]); break; default: Index: usr.bin/nm/nm.c =================================================================== RCS file: /cvs/src/usr.bin/nm/nm.c,v retrieving revision 1.47 diff -u -p -u -r1.47 nm.c --- usr.bin/nm/nm.c 13 Aug 2015 19:13:28 -0000 1.47 +++ usr.bin/nm/nm.c 26 Aug 2015 22:07:37 -0000 @@ -35,6 +35,8 @@ #include <sys/types.h> #include <sys/mman.h> +#include <sys/tame.h> + #include <a.out.h> #include <elf_abi.h> #include <ar.h> @@ -134,6 +136,8 @@ main(int argc, char *argv[]) const char *optstr; const struct option *lopts; int ch, eval; + + tame(TAME_STDIO | TAME_RPATH, NULL); optstr = OPTSTRING_NM; lopts = longopts_nm; Index: usr.bin/paste/paste.c =================================================================== RCS file: /cvs/src/usr.bin/paste/paste.c,v retrieving revision 1.19 diff -u -p -u -r1.19 paste.c --- usr.bin/paste/paste.c 25 Nov 2014 10:20:24 -0000 1.19 +++ usr.bin/paste/paste.c 26 Aug 2015 22:07:37 -0000 @@ -34,6 +34,8 @@ #include <sys/queue.h> #include <sys/types.h> +#include <sys/tame.h> + #include <err.h> #include <errno.h> #include <limits.h> @@ -56,6 +58,8 @@ main(int argc, char *argv[]) extern char *optarg; extern int optind; int ch, seq; + + tame(TAME_STDIO | TAME_RPATH, NULL); seq = 0; while ((ch = getopt(argc, argv, "d:s")) != -1) { Index: usr.bin/patch/patch.c =================================================================== RCS file: /cvs/src/usr.bin/patch/patch.c,v retrieving revision 1.54 diff -u -p -u -r1.54 patch.c --- usr.bin/patch/patch.c 13 Dec 2014 10:31:07 -0000 1.54 +++ usr.bin/patch/patch.c 26 Aug 2015 22:07:37 -0000 @@ -28,6 +28,7 @@ #include <sys/types.h> #include <sys/stat.h> +#include <sys/tame.h> #include <unistd.h> #include <ctype.h> @@ -146,6 +147,8 @@ main(int argc, char *argv[]) LINENUM where = 0, newwhere, fuzz, mymaxfuzz; const char *tmpdir; char *v; + + tame(TAME_STDIO | TAME_RPATH | TAME_WPATH | TAME_CPATH | TAME_TMPPATH, NULL); setvbuf(stdout, NULL, _IOLBF, 0); setvbuf(stderr, NULL, _IOLBF, 0); Index: usr.bin/pr/pr.c =================================================================== RCS file: /cvs/src/usr.bin/pr/pr.c,v retrieving revision 1.36 diff -u -p -u -r1.36 pr.c --- usr.bin/pr/pr.c 20 Aug 2015 22:32:41 -0000 1.36 +++ usr.bin/pr/pr.c 26 Aug 2015 22:07:37 -0000 @@ -36,6 +36,7 @@ #include <sys/types.h> #include <sys/time.h> #include <sys/stat.h> +#include <sys/tame.h> #include <ctype.h> #include <errno.h> @@ -139,6 +140,8 @@ int main(int argc, char *argv[]) { int ret_val; + + tame(TAME_STDIO | TAME_RPATH, NULL); if (signal(SIGINT, SIG_IGN) != SIG_IGN) (void)signal(SIGINT, terminate); Index: usr.bin/printenv/printenv.c =================================================================== RCS file: /cvs/src/usr.bin/printenv/printenv.c,v retrieving revision 1.6 diff -u -p -u -r1.6 printenv.c --- usr.bin/printenv/printenv.c 27 Oct 2009 23:59:41 -0000 1.6 +++ usr.bin/printenv/printenv.c 26 Aug 2015 22:07:37 -0000 @@ -29,6 +29,8 @@ * SUCH DAMAGE. */ +#include <sys/tame.h> + #include <stdio.h> #include <string.h> #include <stdlib.h> @@ -45,6 +47,8 @@ main(int argc, char *argv[]) extern char **environ; char *cp, **ep; int len; + + tame(TAME_STDIO, NULL); if (argc < 2) { for (ep = environ; *ep; ep++) Index: usr.bin/printf/printf.c =================================================================== RCS file: /cvs/src/usr.bin/printf/printf.c,v retrieving revision 1.22 diff -u -p -u -r1.22 printf.c --- usr.bin/printf/printf.c 25 May 2014 07:36:36 -0000 1.22 +++ usr.bin/printf/printf.c 26 Aug 2015 22:07:37 -0000 @@ -29,6 +29,8 @@ * SUCH DAMAGE. */ +#include <sys/tame.h> + #include <ctype.h> #include <stdio.h> #include <stdlib.h> @@ -80,6 +82,8 @@ main(int argc, char *argv[]) char *format; setlocale (LC_ALL, ""); + + tame(TAME_STDIO, NULL); /* Need to accept/ignore "--" option. */ if (argc > 1 && strcmp(argv[1], "--") == 0) { Index: usr.bin/readlink/readlink.c =================================================================== RCS file: /cvs/src/usr.bin/readlink/readlink.c,v retrieving revision 1.25 diff -u -p -u -r1.25 readlink.c --- usr.bin/readlink/readlink.c 1 May 2009 10:36:48 -0000 1.25 +++ usr.bin/readlink/readlink.c 26 Aug 2015 22:07:37 -0000 @@ -27,6 +27,8 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include <sys/tame.h> + #include <err.h> #include <errno.h> #include <limits.h> @@ -43,6 +45,8 @@ main(int argc, char *argv[]) char buf[PATH_MAX]; int n, ch, nflag = 0, fflag = 0; extern int optind; + + tame(TAME_STDIO | TAME_RPATH, NULL); while ((ch = getopt(argc, argv, "fn")) != -1) switch (ch) { Index: usr.bin/rev/rev.c =================================================================== RCS file: /cvs/src/usr.bin/rev/rev.c,v retrieving revision 1.10 diff -u -p -u -r1.10 rev.c --- usr.bin/rev/rev.c 27 Oct 2009 23:59:42 -0000 1.10 +++ usr.bin/rev/rev.c 26 Aug 2015 22:07:37 -0000 @@ -31,6 +31,7 @@ */ #include <sys/types.h> +#include <sys/tame.h> #include <err.h> #include <errno.h> @@ -49,6 +50,8 @@ main(int argc, char *argv[]) size_t len; int ch, rval; + tame(TAME_STDIO | TAME_RPATH, NULL); + while ((ch = getopt(argc, argv, "")) != -1) switch(ch) { case '?': @@ -71,7 +74,8 @@ main(int argc, char *argv[]) continue; } filename = *argv++; - } + } else + tame(TAME_STDIO, NULL); while ((p = fgetln(fp, &len)) != NULL) { if (p[len - 1] == '

') --len; Index: usr.bin/rs/rs.c =================================================================== RCS file: /cvs/src/usr.bin/rs/rs.c,v retrieving revision 1.25 diff -u -p -u -r1.25 rs.c --- usr.bin/rs/rs.c 20 Aug 2015 22:32:41 -0000 1.25 +++ usr.bin/rs/rs.c 26 Aug 2015 22:07:37 -0000 @@ -35,6 +35,8 @@ * BEWARE: lots of unfinished edges */ +#include <sys/tame.h> + #include <ctype.h> #include <err.h> #include <errno.h> @@ -93,6 +95,8 @@ void putfile(void); int main(int argc, char *argv[]) { + tame(TAME_STDIO, NULL); + getargs(argc, argv); getfile(); if (flags & SHAPEONLY) { Index: usr.bin/script/script.c =================================================================== RCS file: /cvs/src/usr.bin/script/script.c,v retrieving revision 1.27 diff -u -p -u -r1.27 script.c --- usr.bin/script/script.c 19 Jul 2015 06:12:06 -0000 1.27 +++ usr.bin/script/script.c 26 Aug 2015 22:07:37 -0000 @@ -60,6 +60,7 @@ #include <sys/stat.h> #include <sys/ioctl.h> #include <sys/time.h> +#include <sys/tame.h> #include <errno.h> #include <fcntl.h> @@ -165,6 +166,8 @@ main(int argc, char *argv[]) sa.sa_handler = finish; (void)sigaction(SIGCHLD, &sa, NULL); + tame(TAME_STDIO | TAME_IOCTL, NULL); + (void)fclose(fscript); while (1) { if (dead) @@ -247,6 +250,8 @@ dooutput(void) sigemptyset(&sa.sa_mask); sa.sa_handler = SIG_IGN; (void)sigaction(SIGCHLD, &sa, NULL); + + tame(TAME_STDIO, NULL); value.it_interval.tv_sec = 30; value.it_interval.tv_usec = 0; Index: usr.bin/sed/main.c =================================================================== RCS file: /cvs/src/usr.bin/sed/main.c,v retrieving revision 1.24 diff -u -p -u -r1.24 main.c --- usr.bin/sed/main.c 19 Jul 2015 17:21:21 -0000 1.24 +++ usr.bin/sed/main.c 26 Aug 2015 22:07:37 -0000 @@ -36,6 +36,7 @@ #include <sys/types.h> #include <sys/ioctl.h> #include <sys/stat.h> +#include <sys/tame.h> #include <ctype.h> #include <errno.h> @@ -158,6 +159,8 @@ main(int argc, char *argv[]) termwidth = win.ws_col; if (termwidth == 0) termwidth = 60; + + tame(TAME_STDIO | TAME_WPATH | TAME_RPATH | TAME_CPATH, NULL); /* First usage case; script is the first arg */ if (!eflag && !fflag && *argv) { Index: usr.bin/split/split.c =================================================================== RCS file: /cvs/src/usr.bin/split/split.c,v retrieving revision 1.18 diff -u -p -u -r1.18 split.c --- usr.bin/split/split.c 16 Jan 2015 06:40:12 -0000 1.18 +++ usr.bin/split/split.c 26 Aug 2015 22:07:37 -0000 @@ -32,6 +32,7 @@ #include <sys/param.h> /* MAXBSIZE */ #include <sys/types.h> +#include <sys/tame.h> #include <ctype.h> #include <err.h> @@ -67,6 +68,8 @@ main(int argc, char *argv[]) int ch, scale; char *ep, *p; const char *errstr; + + tame(TAME_STDIO | TAME_RPATH | TAME_WPATH | TAME_CPATH, NULL); while ((ch = getopt(argc, argv, "0123456789a:b:l:p:-")) != -1) switch (ch) { Index: usr.bin/stat/stat.c =================================================================== RCS file: /cvs/src/usr.bin/stat/stat.c,v retrieving revision 1.18 diff -u -p -u -r1.18 stat.c --- usr.bin/stat/stat.c 26 Nov 2013 21:08:12 -0000 1.18 +++ usr.bin/stat/stat.c 26 Aug 2015 22:07:37 -0000 @@ -32,6 +32,7 @@ #include <sys/types.h> #include <sys/stat.h> +#include <sys/tame.h> #include <ctype.h> #include <err.h> @@ -157,6 +158,8 @@ main(int argc, char *argv[]) int ch, rc, errs; int lsF, fmtchar, usestat, fn, nonl, quiet; char *statfmt, *options, *synopsis; + + tame(TAME_STDIO | TAME_RPATH, NULL); lsF = 0; fmtchar = '\0'; Index: usr.bin/tail/tail.c =================================================================== RCS file: /cvs/src/usr.bin/tail/tail.c,v retrieving revision 1.17 diff -u -p -u -r1.17 tail.c --- usr.bin/tail/tail.c 27 Oct 2009 23:59:44 -0000 1.17 +++ usr.bin/tail/tail.c 26 Aug 2015 22:07:37 -0000 @@ -34,6 +34,7 @@ #include <sys/types.h> #include <sys/stat.h> +#include <sys/tame.h> #include <err.h> #include <errno.h> @@ -60,6 +61,8 @@ main(int argc, char *argv[]) enum STYLE style; int ch, first; char *p; + + tame(TAME_STDIO | TAME_RPATH, NULL); /* * Tail's options are weird. First, -n10 is the same as -n-10, not Index: usr.bin/tee/tee.c =================================================================== RCS file: /cvs/src/usr.bin/tee/tee.c,v retrieving revision 1.8 diff -u -p -u -r1.8 tee.c --- usr.bin/tee/tee.c 23 Apr 2013 17:48:17 -0000 1.8 +++ usr.bin/tee/tee.c 26 Aug 2015 22:07:37 -0000 @@ -32,6 +32,8 @@ #include <sys/types.h> #include <sys/stat.h> +#include <sys/tame.h> + #include <signal.h> #include <errno.h> #include <fcntl.h> @@ -73,6 +75,8 @@ main(int argc, char *argv[]) char buf[8192]; setlocale(LC_ALL, ""); + + tame(TAME_STDIO | TAME_RPATH | TAME_WPATH | TAME_CPATH, NULL); append = 0; while ((ch = getopt(argc, argv, "ai")) != -1) { Index: usr.bin/tic/tic.c =================================================================== RCS file: /cvs/src/usr.bin/tic/tic.c,v retrieving revision 1.31 diff -u -p -u -r1.31 tic.c --- usr.bin/tic/tic.c 28 Nov 2013 18:24:55 -0000 1.31 +++ usr.bin/tic/tic.c 26 Aug 2015 22:07:37 -0000 @@ -40,6 +40,8 @@ * */ +#include <sys/tame.h> + #include <progs.priv.h> #include <sys/stat.h> @@ -498,6 +500,8 @@ main(int argc, char *argv[]) char *outdir = (char *) NULL; bool check_only = FALSE; bool suppress_untranslatable = FALSE; + + tame(TAME_STDIO | TAME_RPATH, NULL); log_fp = stderr; Index: usr.bin/touch/touch.c =================================================================== RCS file: /cvs/src/usr.bin/touch/touch.c,v retrieving revision 1.23 diff -u -p -u -r1.23 touch.c --- usr.bin/touch/touch.c 17 Mar 2015 19:31:30 -0000 1.23 +++ usr.bin/touch/touch.c 26 Aug 2015 22:50:22 -0000 @@ -33,6 +33,7 @@ #include <sys/types.h> #include <sys/stat.h> #include <sys/time.h> +#include <sys/tame.h> #include <ctype.h> #include <err.h> @@ -59,6 +60,8 @@ main(int argc, char *argv[]) char *p; (void)setlocale(LC_ALL, ""); + + tame(TAME_STDIO | TAME_WPATH | TAME_CPATH | TAME_FATTR, NULL); aflag = cflag = mflag = timeset = 0; while ((ch = getopt(argc, argv, "acd:fmr:t:")) != -1) Index: usr.bin/tr/tr.c =================================================================== RCS file: /cvs/src/usr.bin/tr/tr.c,v retrieving revision 1.17 diff -u -p -u -r1.17 tr.c --- usr.bin/tr/tr.c 3 Jun 2014 20:57:23 -0000 1.17 +++ usr.bin/tr/tr.c 26 Aug 2015 22:07:37 -0000 @@ -31,6 +31,7 @@ */ #include <sys/types.h> +#include <sys/tame.h> #include <stdio.h> #include <stdlib.h> @@ -86,6 +87,8 @@ main(int argc, char *argv[]) { int ch, cnt, lastch, *p; int cflag, dflag, sflag, isstring2; + + tame(TAME_STDIO, NULL); cflag = dflag = sflag = 0; while ((ch = getopt(argc, argv, "Ccds")) != -1) Index: usr.bin/tsort/tsort.c =================================================================== RCS file: /cvs/src/usr.bin/tsort/tsort.c,v retrieving revision 1.26 diff -u -p -u -r1.26 tsort.c --- usr.bin/tsort/tsort.c 29 Jul 2015 10:42:37 -0000 1.26 +++ usr.bin/tsort/tsort.c 26 Aug 2015 22:07:37 -0000 @@ -16,6 +16,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include <sys/tame.h> #include <assert.h> #include <ctype.h> #include <err.h> @@ -806,7 +807,11 @@ main(int argc, char *argv[]) warn_flag, hints_flag, verbose_flag; unsigned int order; + tame(TAME_STDIO | TAME_RPATH, NULL); + order = 0; + + tame(TAME_STDIO, NULL); reverse_flag = quiet_flag = long_flag = warn_flag = hints_flag = verbose_flag = 0; Index: usr.bin/uname/uname.c =================================================================== RCS file: /cvs/src/usr.bin/uname/uname.c,v retrieving revision 1.14 diff -u -p -u -r1.14 uname.c --- usr.bin/uname/uname.c 21 Jul 2015 16:22:59 -0000 1.14 +++ usr.bin/uname/uname.c 26 Aug 2015 22:07:37 -0000 @@ -32,6 +32,7 @@ */ #include <sys/param.h> /* MACHINE_ARCH */ +#include <sys/tame.h> #include <stdio.h> #include <stdlib.h> #include <locale.h> @@ -58,6 +59,8 @@ main(int argc, char *argv[]) int print_mask = 0; setlocale(LC_ALL, ""); + + tame(TAME_STDIO, NULL); while ((c = getopt(argc, argv, "amnrsvp")) != -1 ) { switch (c) { Index: usr.bin/uniq/uniq.c =================================================================== RCS file: /cvs/src/usr.bin/uniq/uniq.c,v retrieving revision 1.19 diff -u -p -u -r1.19 uniq.c --- usr.bin/uniq/uniq.c 26 Nov 2013 19:25:39 -0000 1.19 +++ usr.bin/uniq/uniq.c 26 Aug 2015 22:07:37 -0000 @@ -33,6 +33,7 @@ * SUCH DAMAGE. */ +#include <sys/tame.h> #include <ctype.h> #include <err.h> #include <errno.h> @@ -61,6 +62,8 @@ main(int argc, char *argv[]) int ch; char *prevline, *thisline; + tame(TAME_STDIO | TAME_RPATH | TAME_WPATH, NULL); + obsolete(argv); while ((ch = getopt(argc, argv, "cdf:s:u")) != -1) { const char *errstr; @@ -118,6 +121,8 @@ main(int argc, char *argv[]) default: usage(); } + + tame(TAME_STDIO, NULL); prevline = malloc(MAXLINELEN); thisline = malloc(MAXLINELEN); Index: usr.bin/units/units.c =================================================================== RCS file: /cvs/src/usr.bin/units/units.c,v retrieving revision 1.20 diff -u -p -u -r1.20 units.c --- usr.bin/units/units.c 27 Nov 2013 00:13:24 -0000 1.20 +++ usr.bin/units/units.c 26 Aug 2015 22:07:37 -0000 @@ -18,6 +18,8 @@ * improvements you might make to this program. */ +#include <sys/tame.h> + #include <ctype.h> #include <stdio.h> #include <string.h> @@ -630,6 +632,8 @@ main(int argc, char **argv) extern char *optarg; extern int optind; + + tame(TAME_STDIO | TAME_RPATH, NULL); while ((optchar = getopt(argc, argv, "vqf:")) != -1) { switch (optchar) { Index: usr.bin/unvis/unvis.c =================================================================== RCS file: /cvs/src/usr.bin/unvis/unvis.c,v retrieving revision 1.12 diff -u -p -u -r1.12 unvis.c --- usr.bin/unvis/unvis.c 22 Jan 2014 09:45:21 -0000 1.12 +++ usr.bin/unvis/unvis.c 26 Aug 2015 22:07:37 -0000 @@ -29,6 +29,8 @@ * SUCH DAMAGE. */ +#include <sys/tame.h> + #include <err.h> #include <stdio.h> #include <stdlib.h> @@ -42,6 +44,8 @@ main(int argc, char *argv[]) { FILE *fp; int ch; + + tame(TAME_STDIO | TAME_RPATH, NULL); while ((ch = getopt(argc, argv, "")) != -1) switch(ch) { Index: usr.bin/users/users.c =================================================================== RCS file: /cvs/src/usr.bin/users/users.c,v retrieving revision 1.11 diff -u -p -u -r1.11 users.c --- usr.bin/users/users.c 8 Oct 2014 04:11:28 -0000 1.11 +++ usr.bin/users/users.c 26 Aug 2015 22:07:37 -0000 @@ -31,6 +31,7 @@ */ #include <sys/types.h> +#include <sys/tame.h> #include <err.h> #include <stdio.h> @@ -52,6 +53,8 @@ main(int argc, char *argv[]) int cnt; struct utmp utmp; int ch; + + tame(TAME_STDIO | TAME_RPATH, NULL); while ((ch = getopt(argc, argv, "")) != -1) switch(ch) { Index: usr.bin/vacation/vacation.c =================================================================== RCS file: /cvs/src/usr.bin/vacation/vacation.c,v retrieving revision 1.37 diff -u -p -u -r1.37 vacation.c --- usr.bin/vacation/vacation.c 20 Aug 2015 22:32:42 -0000 1.37 +++ usr.bin/vacation/vacation.c 26 Aug 2015 22:07:37 -0000 @@ -37,6 +37,8 @@ */ #include <sys/stat.h> +#include <sys/tame.h> + #include <fcntl.h> #include <pwd.h> #include <db.h> @@ -92,6 +94,8 @@ main(int argc, char *argv[]) time_t interval; struct stat sb; ALIAS *cur; + + tame(TAME_STDIO | TAME_RPATH, NULL); opterr = iflag = 0; interval = -1; Index: usr.bin/vis/vis.c =================================================================== RCS file: /cvs/src/usr.bin/vis/vis.c,v retrieving revision 1.17 diff -u -p -u -r1.17 vis.c --- usr.bin/vis/vis.c 18 Apr 2015 18:28:38 -0000 1.17 +++ usr.bin/vis/vis.c 26 Aug 2015 22:07:37 -0000 @@ -30,6 +30,8 @@ * SUCH DAMAGE. */ +#include <sys/tame.h> + #include <stdio.h> #include <string.h> #include <stdlib.h> @@ -54,6 +56,8 @@ main(int argc, char *argv[]) const char *errstr; FILE *fp; int ch; + + tame(TAME_STDIO | TAME_RPATH, NULL); while ((ch = getopt(argc, argv, "anwctsobfF:ld")) != -1) switch(ch) { Index: usr.bin/w/w.c =================================================================== RCS file: /cvs/src/usr.bin/w/w.c,v retrieving revision 1.58 diff -u -p -u -r1.58 w.c --- usr.bin/w/w.c 15 Mar 2015 00:41:28 -0000 1.58 +++ usr.bin/w/w.c 26 Aug 2015 22:07:37 -0000 @@ -219,6 +219,17 @@ main(int argc, char *argv[]) kp = kvm_getprocs(kd, KERN_PROC_ALL, 0, sizeof(*kp), &nentries); if (kp == NULL) errx(1, "%s", kvm_geterr(kd)); + + if ((ioctl(STDOUT_FILENO, TIOCGWINSZ, &ws) == -1 && + ioctl(STDERR_FILENO, TIOCGWINSZ, &ws) == -1 && + ioctl(STDIN_FILENO, TIOCGWINSZ, &ws) == -1) || ws.ws_col == 0) + ttywidth = 79; + else + ttywidth = ws.ws_col - 1; + argwidth = ttywidth - WUSED; + if (argwidth < 4) + argwidth = 8; + for (i = 0; i < nentries; i++, kp++) { if (kp->p_psflags & (PS_EMBRYO | PS_ZOMBIE)) continue; @@ -247,15 +258,6 @@ main(int argc, char *argv[]) } } } - if ((ioctl(STDOUT_FILENO, TIOCGWINSZ, &ws) == -1 && - ioctl(STDERR_FILENO, TIOCGWINSZ, &ws) == -1 && - ioctl(STDIN_FILENO, TIOCGWINSZ, &ws) == -1) || ws.ws_col == 0) - ttywidth = 79; - else - ttywidth = ws.ws_col - 1; - argwidth = ttywidth - WUSED; - if (argwidth < 4) - argwidth = 8; /* sort by idle time */ if (sortidle && ehead != NULL) { struct entry *from = ehead, *save; Index: usr.bin/wc/wc.c =================================================================== RCS file: /cvs/src/usr.bin/wc/wc.c,v retrieving revision 1.17 diff -u -p -u -r1.17 wc.c --- usr.bin/wc/wc.c 16 Jan 2015 06:40:14 -0000 1.17 +++ usr.bin/wc/wc.c 26 Aug 2015 22:07:37 -0000 @@ -32,6 +32,7 @@ #include <sys/param.h> /* MAXBSIZE */ #include <sys/stat.h> #include <sys/file.h> +#include <sys/tame.h> #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -56,6 +57,8 @@ main(int argc, char *argv[]) int ch; setlocale(LC_ALL, ""); + + tame(TAME_STDIO | TAME_RPATH, NULL); while ((ch = getopt(argc, argv, "lwchm")) != -1) switch(ch) { Index: usr.bin/what/what.c =================================================================== RCS file: /cvs/src/usr.bin/what/what.c,v retrieving revision 1.13 diff -u -p -u -r1.13 what.c --- usr.bin/what/what.c 22 Jan 2015 19:10:17 -0000 1.13 +++ usr.bin/what/what.c 26 Aug 2015 22:07:37 -0000 @@ -32,6 +32,8 @@ #include <sys/types.h> #include <sys/utsname.h> +#include <sys/tame.h> + #include <stdio.h> #include <ctype.h> #include <err.h> @@ -57,6 +59,8 @@ main(int argc, char *argv[]) struct utsname utsn; char match[256]; int c; + + tame(TAME_STDIO | TAME_RPATH, NULL); matches = sflag = 0; while ((c = getopt(argc, argv, "s")) != -1) { Index: usr.bin/who/who.c =================================================================== RCS file: /cvs/src/usr.bin/who/who.c,v retrieving revision 1.20 diff -u -p -u -r1.20 who.c --- usr.bin/who/who.c 22 Aug 2013 04:43:41 -0000 1.20 +++ usr.bin/who/who.c 26 Aug 2015 22:07:37 -0000 @@ -35,6 +35,8 @@ #include <sys/types.h> #include <sys/stat.h> +#include <sys/tame.h> + #include <paths.h> #include <pwd.h> #include <utmp.h> @@ -71,6 +73,8 @@ main(int argc, char *argv[]) int c; setlocale(LC_ALL, ""); + + tame(TAME_STDIO | TAME_RPATH, NULL); only_current_term = show_term = show_idle = show_labels = 0; show_quick = 0; Index: usr.bin/whois/whois.c =================================================================== RCS file: /cvs/src/usr.bin/whois/whois.c,v retrieving revision 1.48 diff -u -p -u -r1.48 whois.c --- usr.bin/whois/whois.c 17 Aug 2015 10:48:10 -0000 1.48 +++ usr.bin/whois/whois.c 26 Aug 2015 22:07:37 -0000 @@ -31,6 +31,7 @@ #include <sys/types.h> #include <sys/socket.h> +#include <sys/tame.h> #include <netinet/in.h> #include <arpa/inet.h> @@ -137,6 +138,8 @@ main(int argc, char *argv[]) if (!argc || (country != NULL && host != NULL)) usage(); + + tame(TAME_STDIO | TAME_DNS | TAME_INET, NULL); if (host == NULL && country == NULL && !(flags & WHOIS_QUICK)) flags |= WHOIS_RECURSE; Index: usr.bin/yes/yes.c =================================================================== RCS file: /cvs/src/usr.bin/yes/yes.c,v retrieving revision 1.8 diff -u -p -u -r1.8 yes.c --- usr.bin/yes/yes.c 27 Oct 2009 23:59:50 -0000 1.8 +++ usr.bin/yes/yes.c 26 Aug 2015 22:07:37 -0000 @@ -30,11 +30,14 @@ * SUCH DAMAGE. */ +#include <sys/tame.h> #include <stdio.h> int main(int argc, char *argv[]) { + tame(TAME_STDIO, NULL); + if (argc > 1) for (;;) puts(argv[1]); Index: usr.sbin/acpidump/acpidump.c =================================================================== RCS file: /cvs/src/usr.sbin/acpidump/acpidump.c,v retrieving revision 1.10 diff -u -p -u -r1.10 acpidump.c --- usr.sbin/acpidump/acpidump.c 8 Jul 2014 10:28:02 -0000 1.10 +++ usr.sbin/acpidump/acpidump.c 26 Aug 2015 22:07:37 -0000 @@ -30,6 +30,7 @@ #include <sys/mman.h> #include <sys/queue.h> #include <sys/stat.h> +#include <sys/tame.h> #include <assert.h> #include <err.h> @@ -265,7 +266,6 @@ acpi_find_rsd_ptr(void) int i; u_int8_t buf[sizeof(struct ACPIrsdp)]; - acpi_user_init(); for (i = 0; i < 1024 * 1024; i += 16) { lseek(acpi_mem_fd, i, SEEK_SET); read(acpi_mem_fd, buf, 16); @@ -515,6 +515,10 @@ asl_dump_from_devmem(void) snprintf(name, sizeof(name), "%s.headers", aml_dumpfile); + acpi_user_init(); + + tame(TAME_STDIO | TAME_WPATH | TAME_CPATH, NULL); + rp = acpi_find_rsd_ptr(); if (!rp) errx(1, "Can't find ACPI information"); @@ -549,10 +553,14 @@ main(int argc, char *argv[]) char c; while ((c = getopt(argc, argv, "o:")) != -1) { - if (c == 'o') + switch (c) { + case 'o': aml_dumpfile = optarg; - else + break; + default: usage(); + break; + } } if (aml_dumpfile == NULL) Index: usr.sbin/arp/arp.c =================================================================== RCS file: /cvs/src/usr.sbin/arp/arp.c,v retrieving revision 1.64 diff -u -p -u -r1.64 arp.c --- usr.sbin/arp/arp.c 3 Jun 2015 08:10:53 -0000 1.64 +++ usr.sbin/arp/arp.c 26 Aug 2015 22:07:37 -0000 @@ -41,6 +41,7 @@ #include <sys/socket.h> #include <sys/sysctl.h> #include <sys/ioctl.h> +#include <sys/tame.h> #include <net/bpf.h> #include <net/if.h> #include <net/if_dl.h> @@ -160,8 +161,11 @@ main(int argc, char *argv[]) func = F_GET; rtn = 0; + getsocket(); + switch (func) { case F_GET: + tame(TAME_STDIO | TAME_DNS | TAME_INET, NULL); if (aflag && argc == 0) dump(); else if (!aflag && argc == 1) @@ -177,6 +181,7 @@ main(int argc, char *argv[]) rtn = set(argc, argv) ? 1 : 0; break; case F_DELETE: + tame(TAME_STDIO | TAME_DNS | TAME_INET, NULL); if (aflag && argc == 0) search(0, nuke_entry); else if (!aflag && argc == 1) @@ -278,7 +283,6 @@ set(int argc, char *argv[]) sin = &sin_m; rtm = &(m_rtmsg.m_rtm); - getsocket(); argc -= 2; argv += 2; sdl_m = blank_sdl; /* struct copy */ @@ -408,7 +412,6 @@ delete(const char *host, const char *inf if (info && strncmp(info, "pro", 3) ) export_only = 1; - getsocket(); sin_m = blank_sin; /* struct copy */ if (getinetaddr(host, &sin->sin_addr) == -1) return (1); Index: usr.sbin/authpf/authpf.c =================================================================== RCS file: /cvs/src/usr.sbin/authpf/authpf.c,v retrieving revision 1.123 diff -u -p -u -r1.123 authpf.c --- usr.sbin/authpf/authpf.c 21 Jan 2015 21:50:32 -0000 1.123 +++ usr.sbin/authpf/authpf.c 26 Aug 2015 22:07:37 -0000 @@ -23,6 +23,7 @@ #include <sys/stat.h> #include <sys/time.h> #include <sys/wait.h> +#include <sys/tame.h> #include <netinet/in.h> #include <arpa/inet.h> @@ -147,6 +148,8 @@ main(int argc, char *argv[]) shell = pw->pw_shell; login_close(lc); + + tame(TAME_STDIO | TAME_WPATH, NULL); if (strcmp(shell, PATH_AUTHPF_SHELL) && strcmp(shell, PATH_AUTHPF_SHELL_NOIP)) { Index: usr.sbin/bgpd/rde.c =================================================================== RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v retrieving revision 1.336 diff -u -p -u -r1.336 rde.c --- usr.sbin/bgpd/rde.c 4 Aug 2015 14:46:38 -0000 1.336 +++ usr.sbin/bgpd/rde.c 26 Aug 2015 22:07:37 -0000 @@ -20,6 +20,7 @@ #include <sys/socket.h> #include <sys/time.h> #include <sys/resource.h> +#include <sys/tame.h> #include <errno.h> #include <ifaddrs.h> @@ -185,6 +186,8 @@ rde_main(int debug, int verbose) setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) fatal("can't drop privileges"); + + tame(TAME_MALLOC | TAME_UNIX | TAME_CMSG, NULL); signal(SIGTERM, rde_sighdlr); signal(SIGINT, rde_sighdlr); Index: usr.sbin/bgpd/session.c =================================================================== RCS file: /cvs/src/usr.sbin/bgpd/session.c,v retrieving revision 1.340 diff -u -p -u -r1.340 session.c --- usr.sbin/bgpd/session.c 4 Aug 2015 14:46:38 -0000 1.340 +++ usr.sbin/bgpd/session.c 26 Aug 2015 22:07:37 -0000 @@ -17,12 +17,13 @@ */ #include <sys/types.h> - #include <sys/mman.h> #include <sys/socket.h> #include <sys/time.h> #include <sys/resource.h> #include <sys/un.h> +#include <sys/tame.h> + #include <net/if_types.h> #include <netinet/in.h> #include <netinet/ip.h> @@ -218,6 +219,8 @@ session_main(int debug, int verbose) setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) fatal("can't drop privileges"); + + tame(TAME_MALLOC | TAME_INET | TAME_CMSG, NULL); signal(SIGTERM, session_sighdlr); signal(SIGINT, session_sighdlr); Index: usr.sbin/httpd/httpd.c =================================================================== RCS file: /cvs/src/usr.sbin/httpd/httpd.c,v retrieving revision 1.39 diff -u -p -u -r1.39 httpd.c --- usr.sbin/httpd/httpd.c 20 Aug 2015 13:00:23 -0000 1.39 +++ usr.sbin/httpd/httpd.c 26 Aug 2015 22:07:37 -0000 @@ -23,6 +23,7 @@ #include <sys/stat.h> #include <sys/wait.h> #include <sys/resource.h> +#include <sys/tame.h> #include <netinet/in.h> #include <arpa/inet.h> @@ -246,6 +247,9 @@ main(int argc, char *argv[]) proc_init(ps, procs, nitems(procs)); setproctitle("parent"); + + tame(TAME_MALLOC | TAME_INET | TAME_CMSG | TAME_RPATH | TAME_WPATH | + TAME_PROC | TAME_IOCTL, NULL); event_init(); Index: usr.sbin/httpd/logger.c =================================================================== RCS file: /cvs/src/usr.sbin/httpd/logger.c,v retrieving revision 1.13 diff -u -p -u -r1.13 logger.c --- usr.sbin/httpd/logger.c 20 Aug 2015 13:00:23 -0000 1.13 +++ usr.sbin/httpd/logger.c 26 Aug 2015 22:07:37 -0000 @@ -20,6 +20,7 @@ #include <sys/types.h> #include <sys/queue.h> #include <sys/uio.h> +#include <sys/tame.h> #include <limits.h> #include <stdio.h> @@ -70,6 +71,8 @@ logger_shutdown(void) void logger_init(struct privsep *ps, struct privsep_proc *p, void *arg) { + tame(TAME_MALLOC | TAME_CMSG, NULL); + if (config_init(ps->ps_env) == -1) fatal("failed to initialize configuration"); Index: usr.sbin/httpd/server.c =================================================================== RCS file: /cvs/src/usr.sbin/httpd/server.c,v retrieving revision 1.75 diff -u -p -u -r1.75 server.c --- usr.sbin/httpd/server.c 20 Aug 2015 13:00:23 -0000 1.75 +++ usr.sbin/httpd/server.c 26 Aug 2015 22:07:37 -0000 @@ -24,6 +24,7 @@ #include <sys/socket.h> #include <sys/uio.h> #include <sys/tree.h> +#include <sys/tame.h> #include <netinet/in.h> #include <netinet/tcp.h> @@ -243,6 +244,14 @@ server_init(struct privsep *ps, struct p /* Unlimited file descriptors (use system limits) */ socket_rlimit(-1); + + /* + * XXX TAME_INET and TAME_UNIX are only needed for fcgi + * however if fcgi is used or not can change on config reload + * should we re-fork the children and tame again on reload + */ + tame(TAME_MALLOC | TAME_CMSG | TAME_RPATH | TAME_PROC | + TAME_INET | TAME_UNIX | TAME_IOCTL, NULL); #if 0 /* Schedule statistics timer */ Index: usr.sbin/ntpd/ntp.c =================================================================== RCS file: /cvs/src/usr.sbin/ntpd/ntp.c,v retrieving revision 1.135 diff -u -p -u -r1.135 ntp.c --- usr.sbin/ntpd/ntp.c 14 Aug 2015 02:00:18 -0000 1.135 +++ usr.sbin/ntpd/ntp.c 26 Aug 2015 22:07:37 -0000 @@ -20,6 +20,7 @@ #include <sys/types.h> #include <sys/time.h> #include <sys/stat.h> +#include <sys/tame.h> #include <errno.h> #include <fcntl.h> #include <paths.h> @@ -164,6 +165,9 @@ ntp_main(int pipe_prnt[2], int fd_ctl, s fatal("can't drop privileges"); endservent(); + + /* TAME_DNS for constraint.c */ + tame(TAME_STDIO | TAME_RW | TAME_INET | TAME_DNS | TAME_PROC, NULL); signal(SIGTERM, ntp_sighdlr); signal(SIGINT, ntp_sighdlr); Index: usr.sbin/ntpd/ntp_dns.c =================================================================== RCS file: /cvs/src/usr.sbin/ntpd/ntp_dns.c,v retrieving revision 1.10 diff -u -p -u -r1.10 ntp_dns.c --- usr.sbin/ntpd/ntp_dns.c 24 Mar 2015 18:25:27 -0000 1.10 +++ usr.sbin/ntpd/ntp_dns.c 26 Aug 2015 22:07:37 -0000 @@ -19,6 +19,7 @@ #include <sys/types.h> #include <sys/resource.h> #include <sys/time.h> +#include <sys/tame.h> #include <err.h> #include <errno.h> @@ -89,6 +90,8 @@ ntp_dns(int pipe_ntp[2], struct ntpd_con if ((ibuf_dns = malloc(sizeof(struct imsgbuf))) == NULL) fatal(NULL); imsg_init(ibuf_dns, pipe_ntp[1]); + + tame(TAME_DNS | TAME_RW, NULL); while (quit_dns == 0) { pfd[0].fd = ibuf_dns->fd; Index: usr.sbin/ntpd/ntpd.c =================================================================== RCS file: /cvs/src/usr.sbin/ntpd/ntpd.c,v retrieving revision 1.94 diff -u -p -u -r1.94 ntpd.c --- usr.sbin/ntpd/ntpd.c 18 Jul 2015 00:53:44 -0000 1.94 +++ usr.sbin/ntpd/ntpd.c 26 Aug 2015 22:07:37 -0000 @@ -22,6 +22,7 @@ #include <sys/socket.h> #include <sys/wait.h> #include <sys/un.h> +#include <sys/tame.h> #include <netinet/in.h> #include <errno.h> #include <poll.h> @@ -196,6 +197,9 @@ main(int argc, char *argv[]) setproctitle("[priv]"); readfreq(); +// XXX missing: adjtime() to change time +// tame(TAME_STDIO | TAME_UNIX | TAME_PROC, NULL); + signal(SIGTERM, sighdlr); signal(SIGINT, sighdlr); signal(SIGHUP, sighdlr); @@ -564,6 +568,8 @@ ctl_main(int argc, char *argv[]) errx(1, "ctl socket name too long"); if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1) err(1, "connect: %s", sockname); + + tame(TAME_STDIO, NULL); if ((ibuf_ctl = malloc(sizeof(struct imsgbuf))) == NULL) err(1, NULL); Index: usr.sbin/relayd/ca.c =================================================================== RCS file: /cvs/src/usr.sbin/relayd/ca.c,v retrieving revision 1.13 diff -u -p -u -r1.13 ca.c --- usr.sbin/relayd/ca.c 2 May 2015 13:15:24 -0000 1.13 +++ usr.sbin/relayd/ca.c 26 Aug 2015 22:07:37 -0000 @@ -19,6 +19,7 @@ #include <sys/types.h> #include <sys/queue.h> #include <sys/uio.h> +#include <sys/tame.h> #include <unistd.h> #include <string.h> @@ -73,6 +74,8 @@ ca(struct privsep *ps, struct privsep_pr void ca_init(struct privsep *ps, struct privsep_proc *p, void *arg) { + tame(TAME_MALLOC | TAME_RW | TAME_CMSG, NULL); + if (config_init(ps->ps_env) == -1) fatal("failed to initialize configuration"); Index: usr.sbin/syslogd/syslogd.c =================================================================== RCS file: /cvs/src/usr.sbin/syslogd/syslogd.c,v retrieving revision 1.178 diff -u -p -u -r1.178 syslogd.c --- usr.sbin/syslogd/syslogd.c 25 Aug 2015 17:14:16 -0000 1.178 +++ usr.sbin/syslogd/syslogd.c 26 Aug 2015 22:07:37 -0000 @@ -75,6 +75,7 @@ #include <sys/un.h> #include <sys/time.h> #include <sys/resource.h> +#include <sys/tame.h> #include <netinet/in.h> #include <netdb.h> @@ -589,6 +590,8 @@ main(int argc, char *argv[]) /* Privilege separation begins here */ if (priv_init(ConfFile, NoDNS, lockpipe[1], nullfd, argv) < 0) errx(1, "unable to privsep"); + + tame(TAME_MALLOC | TAME_RPATH | TAME_UNIX | TAME_INET | TAME_CMSG, NULL); /* Process is now unprivileged and inside a chroot */ event_init(); Index: usr.sbin/tcpdump/privsep.c =================================================================== RCS file: /cvs/src/usr.sbin/tcpdump/privsep.c,v retrieving revision 1.35 diff -u -p -u -r1.35 privsep.c --- usr.sbin/tcpdump/privsep.c 21 Aug 2015 02:07:32 -0000 1.35 +++ usr.sbin/tcpdump/privsep.c 26 Aug 2015 22:07:37 -0000 @@ -21,6 +21,7 @@ #include <sys/socket.h> #include <sys/wait.h> #include <sys/ioctl.h> +#include <sys/tame.h> #include <netinet/in.h> #include <net/if.h> @@ -281,6 +282,8 @@ priv_init(int argc, char **argv) case PRIV_INIT_DONE: test_state(cmd, STATE_RUN); impl_init_done(socks[0], &bpfd); + tame(TAME_MALLOC | TAME_CMSG | TAME_INET | + TAME_IOCTL | TAME_DNS | TAME_RPATH, NULL); break; case PRIV_GETHOSTBYADDR: test_state(cmd, STATE_RUN); Index: usr.sbin/tcpdump/tcpdump.c =================================================================== RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.c,v retrieving revision 1.72 diff -u -p -u -r1.72 tcpdump.c --- usr.sbin/tcpdump/tcpdump.c 14 Jul 2015 20:23:40 -0000 1.72 +++ usr.sbin/tcpdump/tcpdump.c 26 Aug 2015 22:07:37 -0000 @@ -33,6 +33,7 @@ #include <sys/time.h> #include <sys/ioctl.h> #include <sys/wait.h> +#include <sys/tame.h> #include <netinet/in.h> @@ -490,6 +491,7 @@ main(int argc, char **argv) if (tflag > 0) thiszone = gmt2local(0); + tame(TAME_STDIO, NULL); if (pcap_loop(pd, cnt, printer, pcap_userdata) < 0) { (void)fprintf(stderr, "%s: pcap_loop: %s

", Index: usr.sbin/traceroute/traceroute.c =================================================================== RCS file: /cvs/src/usr.sbin/traceroute/traceroute.c,v retrieving revision 1.140 diff -u -p -u -r1.140 traceroute.c --- usr.sbin/traceroute/traceroute.c 16 Jul 2015 22:47:46 -0000 1.140 +++ usr.sbin/traceroute/traceroute.c 26 Aug 2015 22:07:37 -0000 @@ -239,6 +239,7 @@ #include <sys/file.h> #include <sys/ioctl.h> #include <sys/sysctl.h> +#include <sys/tame.h> #include <netinet/in.h> #include <netinet/ip.h> @@ -843,6 +844,11 @@ main(int argc, char *argv[]) if (setsockopt(sndsock, SOL_SOCKET, SO_SNDBUF, (char *)&datalen, sizeof(datalen)) < 0) err(6, "SO_SNDBUF"); + + if (nflag) + tame(TAME_STDIO | TAME_INET, NULL); + else + tame(TAME_STDIO | TAME_INET | TAME_DNS, NULL); if (getnameinfo(to, to->sa_len, hbuf, sizeof(hbuf), NULL, 0, NI_NUMERICHOST)) [prev in list] [next in list] [ prev in thread ] [next in thread]