dj(1): adds pledge(2) and unveil(2) support

src/dj.c

@@ -26,7 +26,8 @@
 #include <string.h> /* memcpy(3), memmove(3), memset(3) */
 #include <sysexits.h> /* EX_OK, EX_OSERR, EX_USAGE */
 #include <unistd.h> /* close(2), getopt(3), lseek(2), read(2), write(2),
-                     * optarg, optind, STDIN_FILENO, STDOUT_FILENO */
+                     * pledge(2), unveil(2), optarg, optind, STDIN_FILENO,
+					 * STDOUT_FILENO */
 #include <sys/stat.h> /* S_IRGRP, S_IROTH, S_IRUSR, S_IWGRP, S_IWOTH, S_IWUSR */
 
 char *program_name = "dj";
@@ -123,7 +124,6 @@ fprintio(FILE *stream, char *fmt, struct Io io[2]) {
 		io[0].rec,
 		io[0].prec,
 		io[1].rec,
-		io[1].prec,
 		io[0].bytes,
 		io[1].bytes
 	);
@@ -167,6 +167,12 @@ usage(char *argv0) {
 }
 
 int main(int argc, char *argv[]) {
+#ifdef __OpenBSD__
+	if (pledge("cpath rpath stdio unveil wpath", NULL) == -1) {
+		return oserr("pledge", errno);
+	}
+#endif
+
    	int align;    /* low 8b used, negative if no alignment is being done */
 	int count;    /* -1 if dj(1) runs until no more reads are possible */
 	char *fmt;    /* set to fmt_asv (default) or fmt_human (-H) */
@@ -208,6 +214,16 @@ int main(int argc, char *argv[]) {
 						break;
 					} else {
 						int fd;
+#ifdef __OpenBSD__
+						char *perms = "wc";
+
+						/* modify perms in-place to read-only */
+						if (i == 0) { perms = "r"; }
+
+						if (unveil(optarg, perms) == -1) {
+							return oserr("unveil", errno);
+						}
+#endif
 
 						if (
 							(fd = open(optarg, io[i].fl, creat_mode)) != -1
@@ -248,6 +264,9 @@ int main(int argc, char *argv[]) {
 			}
 		}
 	}
+#ifdef __OpenBSD__
+	if (unveil(NULL, NULL) == -1) { return oserr("unveil", errno); }
+#endif
 
 	assert(io->fd != STDIN_FILENO  || io->fl == read_flags);
 	assert(io->fd != STDOUT_FILENO || io->fl == write_flags);