diff options
author | mestre <mestre@openbsd.org> | 2018-10-26 17:11:33 +0000 |
---|---|---|
committer | mestre <mestre@openbsd.org> | 2018-10-26 17:11:33 +0000 |
commit | 30f341d9fe0b347f4b5815e95ad9957b8e4e2a9b (patch) | |
tree | 30f825b68ff71e7bedc3a9a795ec1c246dd4c2cf /usr.sbin/kvm_mkdb | |
parent | The code path were we pass `pathname' in the arguments is already limited (diff) | |
download | wireguard-openbsd-30f341d9fe0b347f4b5815e95ad9957b8e4e2a9b.tar.xz wireguard-openbsd-30f341d9fe0b347f4b5815e95ad9957b8e4e2a9b.zip |
If we pass `file' via args then we need to unveil(2) it with read permission,
otherwise if omitted we need to unveil(2) both _PATH_UNIX and _PATH_KSYMS with
same permissions.
Unconditionally we need to also unveil(2) dbdir, which by default is
_PATH_VARDB but can be changed via args (-o directory), with read/write/create
permissions. There are a couple of temp files that will be created but it's
inside dbdir so there's no need to unveil(2) them individually.
Since we already call pledge(2) before, twice, we need to add "unveil" promise
to both of them, and finally call pledge(2) once again with the needed promises
except "unveil".
OK millert@
Diffstat (limited to 'usr.sbin/kvm_mkdb')
-rw-r--r-- | usr.sbin/kvm_mkdb/kvm_mkdb.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/usr.sbin/kvm_mkdb/kvm_mkdb.c b/usr.sbin/kvm_mkdb/kvm_mkdb.c index 607ead32954..64765679058 100644 --- a/usr.sbin/kvm_mkdb/kvm_mkdb.c +++ b/usr.sbin/kvm_mkdb/kvm_mkdb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kvm_mkdb.c,v 1.29 2017/11/21 12:07:00 tb Exp $ */ +/* $OpenBSD: kvm_mkdb.c,v 1.30 2018/10/26 17:11:33 mestre Exp $ */ /*- * Copyright (c) 1990, 1993 @@ -70,7 +70,7 @@ main(int argc, char *argv[]) char *nlistpath, *nlistname; char dbdir[PATH_MAX]; - if (pledge("stdio rpath wpath cpath fattr getpw flock id", NULL) == -1) + if (pledge("stdio rpath wpath cpath fattr getpw flock id unveil", NULL) == -1) err(1, "pledge"); /* Try to use the kmem group to be able to fchown() in kvm_mkdb(). */ @@ -89,7 +89,7 @@ main(int argc, char *argv[]) warn("can't set rlimit data size"); } - if (pledge("stdio rpath wpath cpath fattr flock", NULL) == -1) + if (pledge("stdio rpath wpath cpath fattr flock unveil", NULL) == -1) err(1, "pledge"); strlcpy(dbdir, _PATH_VARDB, sizeof(dbdir)); @@ -115,6 +115,20 @@ main(int argc, char *argv[]) if (argc > 1) usage(); + if (argc > 0) { + if (unveil(argv[0], "r") == -1) + err(1, "unveil"); + } else { + if (unveil(_PATH_UNIX, "r") == -1) + err(1, "unveil"); + if (unveil(_PATH_KSYMS, "r") == -1) + err(1, "unveil"); + } + if (unveil(dbdir, "rwc") == -1) + err(1, "unveil"); + if (pledge("stdio rpath wpath cpath fattr flock", NULL) == -1) + err(1, "pledge"); + /* If no kernel specified use _PATH_KSYMS and fall back to _PATH_UNIX */ if (argc > 0) { nlistpath = argv[0]; |