mirror of
https://codeberg.org/libreboot/lbmk.git
synced 2026-07-11 05:52:36 +02:00
util/nvmutil: Do not allow /dev/urandom on OBSD
There, we use arc4random_buf which does not directly access /dev/urandom on BSD; it uses a userspace method instead, which bypasses this. This is therefore much more restrictive, which is exactly the point of unveil(2) and pledge(2); restrict your program's operation while ensuring that it has what it needs, to help with debugging and prevent common bugs. Signed-off-by: Leah Rowe <leah@libreboot.org>
This commit is contained in:
+8
-10
@@ -212,18 +212,16 @@ main(int argc, char *argv[])
|
||||
/*
|
||||
* For restricted filesystem access on early error.
|
||||
*
|
||||
* Unveiling the random device early, regardless of
|
||||
* whether we will use it, prevents operations on any
|
||||
* GbE files until we permit it, while performing the
|
||||
* prerequisite error checks.
|
||||
* This prevents access to /dev/urandom, which we
|
||||
* should never use in OpenBSD (we use arc4random),
|
||||
* thus guarding against any future bugs there.
|
||||
*
|
||||
* We don't actually use the random device on platforms
|
||||
* that have arc4random, which includes OpenBSD.
|
||||
* This also prevents early reads to the GbE file,
|
||||
* while performing other checks; we will later
|
||||
* unveil the GbE file, to allow access.
|
||||
*/
|
||||
if (unveil("/dev/urandom", "r") == -1)
|
||||
err(ECANCELED, "unveil '/dev/urandom'");
|
||||
if (unveil("/dev/random", "r") == -1)
|
||||
err(ECANCELED, "unveil '/dev/random'");
|
||||
if (unveil("/dev/null", "r") == -1)
|
||||
err(ECANCELED, "unveil '/dev/null'");
|
||||
#endif
|
||||
|
||||
set_cmd(argc, argv);
|
||||
|
||||
Reference in New Issue
Block a user