diff options
| author |   mestre <mestre@openbsd.org> | 2018-10-25 06:41:50 +0000 |
|---|---|---|
| committer | mestre <mestre@openbsd.org> | 2018-10-25 06:41:50 +0000 |
| commit | 222d93a52f12801b4efd7108b4e889f694dd9c8f (patch) | |
| tree | 167847f1d7c8b4249d44db9e9b0b12b8c11f8f8c | |
| parent | unveil(2) the following files for passwd(1) with their corresponding (diff) | |
| download | wireguard-openbsd-222d93a52f12801b4efd7108b4e889f694dd9c8f.tar.xz wireguard-openbsd-222d93a52f12801b4efd7108b4e889f694dd9c8f.zip | |
The only file that spamlogd(8) needs to access after calling pledge(2) is
PATH_SPAMD_DB, so unveil(2) it with O_RDWR permissions.
OK millert@ beck@
| -rw-r--r-- | libexec/spamlogd/spamlogd.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/libexec/spamlogd/spamlogd.c b/libexec/spamlogd/spamlogd.c index beba9116187..0eaf7aa8652 100644 --- a/libexec/spamlogd/spamlogd.c +++ b/libexec/spamlogd/spamlogd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: spamlogd.c,v 1.27 2016/03/16 14:47:04 mestre Exp $ */ +/* $OpenBSD: spamlogd.c,v 1.28 2018/10/25 06:41:50 mestre Exp $ */ /* * Copyright (c) 2006 Henning Brauer <henning@openbsd.org> @@ -375,6 +375,8 @@ main(int argc, char **argv) openlog_r("spamlogd", LOG_PID | LOG_NDELAY, LOG_DAEMON, &sdata); } + if (unveil(PATH_SPAMD_DB, "rw") == -1) + err(1, "unveil"); if (syncsend) { if (pledge("stdio rpath wpath inet flock", NULL) == -1) err(1, "pledge"); |