Add pledge "stdio unix sendfd proc exec tty" to tmux client process,

"sendfd" is dropped after first message from the server.
This commit is contained in:
nicm 2015-10-17 18:30:43 +00:00
parent cf89abb013
commit 9c601ebde8

View File

@ -55,7 +55,7 @@ int client_attached;
__dead void client_exec(const char *); __dead void client_exec(const char *);
int client_get_lock(char *); int client_get_lock(char *);
int client_connect(struct event_base *, char *, int); int client_connect(struct event_base *, char *, int);
void client_send_identify(void); void client_send_identify(const char *, int);
int client_write_one(enum msgtype, int, const void *, size_t); int client_write_one(enum msgtype, int, const void *, size_t);
int client_write_server(enum msgtype, const void *, size_t); int client_write_server(enum msgtype, const void *, size_t);
void client_update_event(void); void client_update_event(void);
@ -214,7 +214,8 @@ client_main(struct event_base *base, int argc, char **argv, int flags)
struct cmd *cmd; struct cmd *cmd;
struct cmd_list *cmdlist; struct cmd_list *cmdlist;
struct msg_command_data *data; struct msg_command_data *data;
int cmdflags, fd, i; int cmdflags, fd, i, cwd;
const char* ttynam;
pid_t ppid; pid_t ppid;
enum msgtype msg; enum msgtype msg;
char *cause; char *cause;
@ -272,6 +273,26 @@ client_main(struct event_base *base, int argc, char **argv, int flags)
} }
return (1); return (1);
} }
/* Save these before pledge(). */
if ((cwd = open(".", O_RDONLY)) == -1)
cwd = open("/", O_RDONLY);
if ((ttynam = ttyname(STDIN_FILENO)) == NULL)
ttynam = "";
/*
* Drop privileges for client. "proc exec" is needed for -c and for
* locking (which uses system(3)).
*
* "tty" is needed to restore termios(4) and also for some reason -CC
* does not work properly without it (input is not recognised).
*
* "sendfd" is dropped later in client_dispatch_wait().
*/
if (pledge("stdio unix sendfd proc exec tty", NULL) != 0)
fatal("pledge failed");
/* Free stuff that is not used in the client. */
options_free(&global_options); options_free(&global_options);
options_free(&global_s_options); options_free(&global_s_options);
options_free(&global_w_options); options_free(&global_w_options);
@ -304,7 +325,7 @@ client_main(struct event_base *base, int argc, char **argv, int flags)
} }
/* Send identify messages. */ /* Send identify messages. */
client_send_identify(); client_send_identify(ttynam, cwd); /* closes cwd */
/* Send first command. */ /* Send first command. */
if (msg == MSG_COMMAND) { if (msg == MSG_COMMAND) {
@ -359,7 +380,7 @@ client_main(struct event_base *base, int argc, char **argv, int flags)
/* Send identify messages to server. */ /* Send identify messages to server. */
void void
client_send_identify(void) client_send_identify(const char *ttynam, int cwd)
{ {
const char *s; const char *s;
char **ss; char **ss;
@ -373,13 +394,8 @@ client_send_identify(void)
s = ""; s = "";
client_write_one(MSG_IDENTIFY_TERM, -1, s, strlen(s) + 1); client_write_one(MSG_IDENTIFY_TERM, -1, s, strlen(s) + 1);
if ((s = ttyname(STDIN_FILENO)) == NULL) client_write_one(MSG_IDENTIFY_TTYNAME, -1, ttynam, strlen(ttynam) + 1);
s = ""; client_write_one(MSG_IDENTIFY_CWD, cwd, NULL, 0);
client_write_one(MSG_IDENTIFY_TTYNAME, -1, s, strlen(s) + 1);
if ((fd = open(".", O_RDONLY)) == -1)
fd = open("/", O_RDONLY);
client_write_one(MSG_IDENTIFY_CWD, fd, NULL, 0);
if ((fd = dup(STDIN_FILENO)) == -1) if ((fd = dup(STDIN_FILENO)) == -1)
fatal("dup failed"); fatal("dup failed");
@ -395,8 +411,6 @@ client_send_identify(void)
} }
client_write_one(MSG_IDENTIFY_DONE, -1, NULL, 0); client_write_one(MSG_IDENTIFY_DONE, -1, NULL, 0);
client_update_event();
} }
/* Helper to send one message. */ /* Helper to send one message. */
@ -587,6 +601,19 @@ client_dispatch_wait(void)
struct msg_stdout_data stdoutdata; struct msg_stdout_data stdoutdata;
struct msg_stderr_data stderrdata; struct msg_stderr_data stderrdata;
int retval; int retval;
static int pledge_applied;
/*
* "sendfd" is no longer required once all of the identify messages
* have been sent. We know the server won't send us anything until that
* point (because we don't ask it to), so we can drop "sendfd" once we
* get the first message from the server.
*/
if (!pledge_applied) {
if (pledge("stdio unix proc exec tty", NULL) != 0)
fatal("pledge failed");
pledge_applied = 1;
};
for (;;) { for (;;) {
if ((n = imsg_get(&client_ibuf, &imsg)) == -1) if ((n = imsg_get(&client_ibuf, &imsg)) == -1)