mirror of
https://codeberg.org/libreboot/lbmk.git
synced 2026-07-11 05:52:36 +02:00
util/nvmutil: Do not allow /dev/urandom on OBSD
There, we use arc4random_buf which does not directly access /dev/urandom on BSD; it uses a userspace method instead, which bypasses this. This is therefore much more restrictive, which is exactly the point of unveil(2) and pledge(2); restrict your program's operation while ensuring that it has what it needs, to help with debugging and prevent common bugs. Signed-off-by: Leah Rowe <leah@libreboot.org>
This commit is contained in:
+8
-10
@@ -212,18 +212,16 @@ main(int argc, char *argv[])
|
|||||||
/*
|
/*
|
||||||
* For restricted filesystem access on early error.
|
* For restricted filesystem access on early error.
|
||||||
*
|
*
|
||||||
* Unveiling the random device early, regardless of
|
* This prevents access to /dev/urandom, which we
|
||||||
* whether we will use it, prevents operations on any
|
* should never use in OpenBSD (we use arc4random),
|
||||||
* GbE files until we permit it, while performing the
|
* thus guarding against any future bugs there.
|
||||||
* prerequisite error checks.
|
|
||||||
*
|
*
|
||||||
* We don't actually use the random device on platforms
|
* This also prevents early reads to the GbE file,
|
||||||
* that have arc4random, which includes OpenBSD.
|
* while performing other checks; we will later
|
||||||
|
* unveil the GbE file, to allow access.
|
||||||
*/
|
*/
|
||||||
if (unveil("/dev/urandom", "r") == -1)
|
if (unveil("/dev/null", "r") == -1)
|
||||||
err(ECANCELED, "unveil '/dev/urandom'");
|
err(ECANCELED, "unveil '/dev/null'");
|
||||||
if (unveil("/dev/random", "r") == -1)
|
|
||||||
err(ECANCELED, "unveil '/dev/random'");
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
set_cmd(argc, argv);
|
set_cmd(argc, argv);
|
||||||
|
|||||||
Reference in New Issue
Block a user