authorsemarie <semarie@openbsd.org>2019-09-14 17:47:00 +0000
committersemarie <semarie@openbsd.org>2019-09-14 17:47:00 +0000
commit1d749625810e394156930b02549d338d31c44e36 (patch)
tree60c89fafbcdde25fb0f2b93f1758ba5a367a840e
parentTypo in comment. scsi_size() is actually sd_size(). (diff)
downloadwireguard-openbsd-1d749625810e394156930b02549d338d31c44e36.tar.xz
wireguard-openbsd-1d749625810e394156930b02549d338d31c44e36.zip
correct some unveil(2) violations due to "login.conf.db" access (the .db version
of "login.conf"), and stat(2) on _PATH_MASTERPASSWD_LOCK (via pw_mkdb(3)).

problem initially noted by myself for passwd(1)
millert@ reported similar problem on chpass(1), su(1), doas(1) and encrypt(1)
mestre@ noted chpass(1) too

ok mestre@ millert@
-rw-r--r--usr.bin/chpass/chpass.c4
-rw-r--r--usr.bin/doas/doas.c5
-rw-r--r--usr.bin/encrypt/encrypt.c5
-rw-r--r--usr.bin/passwd/local_passwd.c6
-rw-r--r--usr.bin/su/su.c4
5 files changed, 15 insertions, 9 deletions
diff --git a/usr.bin/chpass/chpass.c b/usr.bin/chpass/chpass.c
index 60fd6a147c9..f20b7f18b9b 100644
--- a/usr.bin/chpass/chpass.c
+++ b/usr.bin/chpass/chpass.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: chpass.c,v 1.45 2019/04/30 18:28:45 mestre Exp $ */
+/* $OpenBSD: chpass.c,v 1.46 2019/09/14 17:47:00 semarie Exp $ */
/* $NetBSD: chpass.c,v 1.8 1996/05/15 21:50:43 jtc Exp $ */
/*-
@@ -183,7 +183,7 @@ main(int argc, char *argv[])
sigdelset(&fullset, SIGINT);
sigprocmask(SIG_BLOCK, &fullset, NULL);
- if (unveil(_PATH_MASTERPASSWD_LOCK, "wc") == -1)
+ if (unveil(_PATH_MASTERPASSWD_LOCK, "rwc") == -1)
err(1, "unveil");
if (unveil(_PATH_MASTERPASSWD, "r") == -1)
err(1, "unveil");
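Review bot: The widened `"rwc"` permission on `_PATH_MASTERPASSWD_LOCK` has no comment saying why read access is needed, so a later least-privilege pass could narrow it back to `"wc"` and reintroduce the violation. The commit message attributes the need to a stat(2) made via pw_mkdb(3); I would record that at the call, e.g. `/* "r": pw_mkdb(3) does stat(2) on the lock file */`. The same applies to the identical change in the local_passwd.c hunk. main() continues outside this hunk.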
diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c
index af57f429908..dfd8c8603bf 100644
--- a/usr.bin/doas/doas.c
+++ b/usr.bin/doas/doas.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.c,v 1.80 2019/07/03 03:24:02 deraadt Exp $ */
+/* $OpenBSD: doas.c,v 1.81 2019/09/14 17:47:00 semarie Exp $ */
/*
* Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
*
@@ -408,7 +408,8 @@ main(int argc, char **argv)
if (formerpath == NULL)
formerpath = "";
- if (unveil(_PATH_LOGIN_CONF, "r") == -1)
+ if (unveil(_PATH_LOGIN_CONF, "r") == -1 ||
+ unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
err(1, "unveil");
if (rule->cmd) {
if (setenv("PATH", safepath, 1) == -1)
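Review bot: Joining the two unveil() calls with `||` under a single `err(1, "unveil")` means the diagnostic cannot say which path was rejected, here and in the encrypt.c hunk. Separate statements that name the path would make a failure attributable, e.g. `if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1)` followed by `err(1, "unveil %s", _PATH_LOGIN_CONF ".db");`. That also matches the one-call-per-`if` form used in the passwd and su hunks. main() starts and ends outside the hunk.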
diff --git a/usr.bin/encrypt/encrypt.c b/usr.bin/encrypt/encrypt.c
index 48e1d54df57..01e96edd9f8 100644
--- a/usr.bin/encrypt/encrypt.c
+++ b/usr.bin/encrypt/encrypt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: encrypt.c,v 1.49 2018/08/03 04:47:56 deraadt Exp $ */
+/* $OpenBSD: encrypt.c,v 1.50 2019/09/14 17:47:00 semarie Exp $ */
/*
* Copyright (c) 1996, Jason Downs. All rights reserved.
@@ -95,7 +95,8 @@ main(int argc, char **argv)
char *extra = NULL; /* Store login class or number of rounds */
const char *errstr;
- if (unveil(_PATH_LOGIN_CONF, "r") == -1)
+ if (unveil(_PATH_LOGIN_CONF, "r") == -1 ||
+ unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
err(1, "unveil");
if (pledge("stdio rpath tty", NULL) == -1)
err(1, "pledge");
diff --git a/usr.bin/passwd/local_passwd.c b/usr.bin/passwd/local_passwd.c
index a9aa2318d2f..0f843b3f973 100644
--- a/usr.bin/passwd/local_passwd.c
+++ b/usr.bin/passwd/local_passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: local_passwd.c,v 1.56 2019/06/28 13:35:02 deraadt Exp $ */
+/* $OpenBSD: local_passwd.c,v 1.57 2019/09/14 17:47:01 semarie Exp $ */
/*-
* Copyright (c) 1990 The Regents of the University of California.
@@ -72,12 +72,14 @@ local_passwd(char *uname, int authenticated)
return(1);
}
- if (unveil(_PATH_MASTERPASSWD_LOCK, "wc") == -1)
+ if (unveil(_PATH_MASTERPASSWD_LOCK, "rwc") == -1)
err(1, "unveil");
if (unveil(_PATH_MASTERPASSWD, "r") == -1)
err(1, "unveil");
if (unveil(_PATH_LOGIN_CONF, "r") == -1)
err(1, "unveil");
+ if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
+ err(1, "unveil");
if (unveil(_PATH_BSHELL, "x") == -1)
err(1, "unveil");
if (unveil(_PATH_PWD_MKDB, "x") == -1)
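Review bot: The new `_PATH_LOGIN_CONF ".db"` unveil is a string-literal concatenation with nothing at the call explaining why a second path is needed; the same goes for the su.c, doas.c and encrypt.c hunks. Going by the commit message this is the .db version of login.conf, presumably opened by the login-class lookup rather than by this code directly, so someone auditing the unveil list cannot see the reason from the source. A short comment such as `/* login.conf lookups may open the .db version */` would document it. If a shared path macro for the database exists or is added, using it in all four files would keep the suffix in one place. local_passwd() continues past the end of the hunk.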
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c
index 594052eb71e..0b89b4821c2 100644
--- a/usr.bin/su/su.c
+++ b/usr.bin/su/su.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: su.c,v 1.76 2019/06/28 13:35:04 deraadt Exp $ */
+/* $OpenBSD: su.c,v 1.77 2019/09/14 17:47:01 semarie Exp $ */
/*
* Copyright (c) 1988 The Regents of the University of California.
@@ -162,6 +162,8 @@ main(int argc, char **argv)
if (unveil(_PATH_LOGIN_CONF, "r") == -1)
err(1, "unveil");
+ if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
+ err(1, "unveil");
if (unveil(_PATH_AUTHPROGDIR, "x") == -1)
err(1, "unveil");
if (unveil(_PATH_SHELLS, "r") == -1)