After opening required descriptors, savecore only plays in one directory

so use unveil(2).
author: deraadt <deraadt@openbsd.org> 2018-09-24 21:26:38 +0000
committer: deraadt <deraadt@openbsd.org> 2018-09-24 21:26:38 +0000
commit: e18d1965d1668bb971d3a78c151d2ed11d29b64a (patch)
tree: f4ca744e4e13ed2b6c24e6c3a1a7cd9312c9b741
parent: Use unveil(2). These programs fit together in various strange ways, (diff)
download: wireguard-openbsd-e18d1965d1668bb971d3a78c151d2ed11d29b64a.tar.xz
wireguard-openbsd-e18d1965d1668bb971d3a78c151d2ed11d29b64a.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/sbin/savecore/savecore.c b/sbin/savecore/savecore.c
index a96c618c621..8b2a6cf50d0 100644
--- a/sbin/savecore/savecore.c
+++ b/sbin/savecore/savecore.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: savecore.c,v 1.57 2016/09/01 14:12:07 tedu Exp $	*/
+/*	$OpenBSD: savecore.c,v 1.58 2018/09/24 21:26:38 deraadt Exp $	*/
 /*	$NetBSD: savecore.c,v 1.26 1996/03/18 21:16:05 leo Exp $	*/
 
 /*-
@@ -171,6 +171,10 @@ main(int argc, char *argv[])
 	(void)time(&now);
 	kmem_setup();
 
+	if (unveil(dirn, "rwc") == -1) {
+		syslog(LOG_ERR, "unveil: %m");
+		exit(1);
+	}
 	if (pledge("stdio rpath wpath cpath", NULL) == -1) {
 		syslog(LOG_ERR, "pledge: %m");
 		exit(1);
author	deraadt <deraadt@openbsd.org>	2018-09-24 21:26:38 +0000
committer	deraadt <deraadt@openbsd.org>	2018-09-24 21:26:38 +0000
commit	e18d1965d1668bb971d3a78c151d2ed11d29b64a (patch)
tree	f4ca744e4e13ed2b6c24e6c3a1a7cd9312c9b741
parent	Use unveil(2). These programs fit together in various strange ways, (diff)
download	wireguard-openbsd-e18d1965d1668bb971d3a78c151d2ed11d29b64a.tar.xz wireguard-openbsd-e18d1965d1668bb971d3a78c151d2ed11d29b64a.zip