Re: Using tame() in userland

Fri, 28 Aug 2015 01:07:28 -0700 

   have a much more stringent one for tsort.

Index: tsort.c
===================================================================
RCS file: /build/data/openbsd/cvs/src/usr.bin/tsort/tsort.c,v
retrieving revision 1.26
diff -u -p -r1.26 tsort.c
--- tsort.c     29 Jul 2015 10:42:37 -0000      1.26
+++ tsort.c     28 Aug 2015 08:03:59 -0000
@@ -28,6 +28,7 @@
 #include <sysexits.h>
 #include <unistd.h>
 #include <ohash.h>
+#include <sys/tame.h>
 
 /* The complexity of topological sorting is O(e), where e is the
  * size of input.  While reading input, vertices have to be identified,
@@ -798,6 +799,43 @@ find_longest_cycle(struct array *h, stru
 
 #define plural(n) ((n) > 1 ? "s" : "")
 
+static void
+TAME(int flags, const char *wl[])
+{
+       if (tame(flags, wl) != 0)
+               err(1, "untamed program");
+}
+
+static void 
+compute_whitelist(int argc, char *argv[], char *args[])
+{
+       int c;
+       int i = 0;
+
+       while ((c = getopt(argc, argv, "h:flqrvw")) != -1) {
+               switch(c) {
+               case 'h':
+                       args[i++] = optarg;
+                       /*FALLTHRU*/
+               case 'f':
+               case 'l':
+               case 'q':
+               case 'r':
+               case 'v':
+               case 'w':
+                       break;
+               default:
+                       usage();
+               }
+       }
+       argc -= optind;
+       argv += optind;
+       if (argc == 1)
+               args[i++] = argv[0];
+       args[i] = NULL;
+       optind = optreset = 1;
+}
+
 int
 main(int argc, char *argv[])
 {
@@ -806,6 +844,10 @@ main(int argc, char *argv[])
                            warn_flag, hints_flag, verbose_flag;
        unsigned int    order;
 
+       char *args[3];
+
+       compute_whitelist(argc, argv, args);
+       TAME(TAME_STDIO|TAME_RPATH, args);
        order = 0;
 
        reverse_flag = quiet_flag = long_flag =
@@ -863,6 +905,7 @@ main(int argc, char *argv[])
                FILE *f;
 
                f = fopen(argv[0], "r");
+               TAME(TAME_STDIO, NULL);
                if (f == NULL)
                        err(EX_NOINPUT, "Can't open file %s", argv[1]);
                order = read_pairs(f, &pairs, reverse_flag, argv[1], order,
@@ -871,6 +914,7 @@ main(int argc, char *argv[])
                break;
        }
        case 0:
+               TAME(TAME_STDIO, NULL);
                order = read_pairs(stdin, &pairs, reverse_flag, "stdin",
                    order, hints_flag == 2);
                break;
@@ -878,6 +922,7 @@ main(int argc, char *argv[])
                usage();
        }
 
+       TAME(TAME_RW, NULL);
        {
            struct array        aux;    /* Unrefed nodes/cycle reporting.  */
            struct array        remaining;

Reply via email to