unveil(2) /dev with read permissions since it's the only directory usbdevs(8)

will read from OK kn@
author: mestre <mestre@openbsd.org> 2019-11-30 14:02:47 +0000
committer: mestre <mestre@openbsd.org> 2019-11-30 14:02:47 +0000
commit: 544844c40a72c1f86fe93051fe3a5cd1968f689d (patch)
tree: d2c295cb1ec440f6d98814d6a8bfe557c0fec235 /usr.sbin/usbdevs
parent: pcidump(8) only opens devices in O_RDONLY from /dev, and additionally writes a (diff)
download: wireguard-openbsd-544844c40a72c1f86fe93051fe3a5cd1968f689d.tar.xz
wireguard-openbsd-544844c40a72c1f86fe93051fe3a5cd1968f689d.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.sbin/usbdevs/usbdevs.c b/usr.sbin/usbdevs/usbdevs.c
index d41e7ad868a..165f668b527 100644
--- a/usr.sbin/usbdevs/usbdevs.c
+++ b/usr.sbin/usbdevs/usbdevs.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: usbdevs.c,v 1.31 2019/04/14 18:16:19 deraadt Exp $	*/
+/*	$OpenBSD: usbdevs.c,v 1.32 2019/11/30 14:02:47 mestre Exp $	*/
 /*	$NetBSD: usbdevs.c,v 1.19 2002/02/21 00:34:31 christos Exp $	*/
 
 /*
@@ -267,6 +267,11 @@ main(int argc, char **argv)
 	if (argc != 0)
 		usage();
 
+	if (unveil("/dev", "r") == -1)
+		err(1, "unveil");
+	if (unveil(NULL, NULL) == -1)
+		err(1, "unveil");
+
 	if (dev == 0) {
 		for (ncont = 0, i = 0; i < 10; i++) {
 			snprintf(buf, sizeof buf, "%s%d", USBDEV, i);
author	mestre <mestre@openbsd.org>	2019-11-30 14:02:47 +0000
committer	mestre <mestre@openbsd.org>	2019-11-30 14:02:47 +0000
commit	544844c40a72c1f86fe93051fe3a5cd1968f689d (patch)
tree	d2c295cb1ec440f6d98814d6a8bfe557c0fec235 /usr.sbin/usbdevs
parent	pcidump(8) only opens devices in O_RDONLY from /dev, and additionally writes a (diff)
download	wireguard-openbsd-544844c40a72c1f86fe93051fe3a5cd1968f689d.tar.xz wireguard-openbsd-544844c40a72c1f86fe93051fe3a5cd1968f689d.zip