diff options
| author |   semarie <semarie@openbsd.org> | 2019-09-14 17:47:00 +0000 |
|---|---|---|
| committer | semarie <semarie@openbsd.org> | 2019-09-14 17:47:00 +0000 |
| commit | 1d749625810e394156930b02549d338d31c44e36 (patch) | |
| tree | 60c89fafbcdde25fb0f2b93f1758ba5a367a840e /usr.bin/encrypt/encrypt.c | |
| parent | Typo in comment. scsi_size() is actually sd_size(). (diff) | |
| download | wireguard-openbsd-1d749625810e394156930b02549d338d31c44e36.tar.xz wireguard-openbsd-1d749625810e394156930b02549d338d31c44e36.zip | |
correct some unveil(2) violations due to "login.conf.db" access (the .db version
of "login.conf"), and stat(2) on _PATH_MASTERPASSWD_LOCK (via pw_mkdb(3)).
problem initially noted by myself for passwd(1)
millert@ reported similar problem on chpass(1), su(1), doas(1) and encrypt(1)
mestre@ noted chpass(1) too
ok mestre@ millert@
Diffstat (limited to 'usr.bin/encrypt/encrypt.c')
| -rw-r--r-- | usr.bin/encrypt/encrypt.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.bin/encrypt/encrypt.c b/usr.bin/encrypt/encrypt.c index 48e1d54df57..01e96edd9f8 100644 --- a/usr.bin/encrypt/encrypt.c +++ b/usr.bin/encrypt/encrypt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: encrypt.c,v 1.49 2018/08/03 04:47:56 deraadt Exp $ */ +/* $OpenBSD: encrypt.c,v 1.50 2019/09/14 17:47:00 semarie Exp $ */ /* * Copyright (c) 1996, Jason Downs. All rights reserved. @@ -95,7 +95,8 @@ main(int argc, char **argv) char *extra = NULL; /* Store login class or number of rounds */ const char *errstr; - if (unveil(_PATH_LOGIN_CONF, "r") == -1) + if (unveil(_PATH_LOGIN_CONF, "r") == -1 || + unveil(_PATH_LOGIN_CONF ".db", "r") == -1) err(1, "unveil"); if (pledge("stdio rpath tty", NULL) == -1) err(1, "pledge"); |