Run altermime with pledge(). It's fairly small and self-contained and

does string processing on what is often untrusted input, so this seems a good candidate for defensive use of pledge (allowing all file io, as it creates temporary files at various points during run, but has no need for network). pledge() is often not a good match for software in ports, but this seems a suitable candidate and it changes very infrequently so doesn't add a big maintenance burden. looks good to deraadt, ok semarie@
2021-02-10 11:43:58 +00:00 · 2021-02-10 11:43:58 +00:00 · 8503ec0f44
commit 8503ec0f44
parent ff3ea94dfe
2 changed files with 29 additions and 2 deletions
--- a/mail/altermime/Makefile
+++ b/mail/altermime/Makefile
@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.4 2019/07/14 00:39:38 naddy Exp $
+# $OpenBSD: Makefile,v 1.5 2021/02/10 11:43:58 sthen Exp $

 COMMENT=	utility for altering mime-encoded mailpacks

 DISTNAME=	altermime-0.3.10
-REVISION=	0
+REVISION=	1

 CATEGORIES=	mail

@ -13,6 +13,7 @@ HOMEPAGE=	https://pldaniels.com/altermime/
 # (see share/doc/altermime/LICENCE)
 PERMIT_PACKAGE=	Yes

+# uses pledge()
 WANTLIB += c

 MASTER_SITES=	${HOMEPAGE}
--- a/mail/altermime/patches/patch-altermime_c
+++ b/mail/altermime/patches/patch-altermime_c
@ -0,0 +1,26 @@
+$OpenBSD: patch-altermime_c,v 1.1 2021/02/10 11:43:58 sthen Exp $
+
+Index: altermime.c
+--- altermime.c.orig
+++ altermime.c
+@@ -11,6 +11,8 @@ Description:   Altermime is a program/object which wil
+ #include <stdlib.h>
+ #include <string.h>
+ #include <syslog.h>
+#include <unistd.h>
+#include <errno.h>
+ 
+ #include "mime_alter.h"
+ #include "logger.h"
+@@ -319,6 +321,11 @@ int main( int argc, char **argv )
+ 	struct ALTERMIMEAPP_globals glb;
+ 
+ 	LOGGER_set_output_mode(_LOGGER_STDOUT);
+
+	if (pledge("stdio rpath wpath cpath", NULL) == -1) {
+		LOGGER_log("Error: pledge: %s\n", strerror(errno));
+		exit(1);
+	}
+ 
+ 	ALTERMIMEAPP_init( &glb );
+