| -rw-r--r-- | usr.bin/chpass/chpass.c | 4 | ||||
| -rw-r--r-- | usr.bin/doas/doas.c | 5 | ||||
| -rw-r--r-- | usr.bin/encrypt/encrypt.c | 5 | ||||
| -rw-r--r-- | usr.bin/passwd/local_passwd.c | 6 | ||||
| -rw-r--r-- | usr.bin/su/su.c | 4 |
5 files changed, 15 insertions, 9 deletions
diff --git a/usr.bin/chpass/chpass.c b/usr.bin/chpass/chpass.c
index 60fd6a147c9..f20b7f18b9b 100644
--- a/usr.bin/chpass/chpass.c
+++ b/usr.bin/chpass/chpass.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: chpass.c,v 1.45 2019/04/30 18:28:45 mestre Exp $ */
+/* $OpenBSD: chpass.c,v 1.46 2019/09/14 17:47:00 semarie Exp $ */
 /* $NetBSD: chpass.c,v 1.8 1996/05/15 21:50:43 jtc Exp $ */
 /*-
@@ -183,7 +183,7 @@ main(int argc, char *argv[])
 sigdelset(&fullset, SIGINT);
 sigprocmask(SIG_BLOCK, &fullset, NULL);
- if (unveil(_PATH_MASTERPASSWD_LOCK, "wc") == -1)
+ if (unveil(_PATH_MASTERPASSWD_LOCK, "rwc") == -1)
 err(1, "unveil");
 if (unveil(_PATH_MASTERPASSWD, "r") == -1)
 err(1, "unveil");
diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c
index af57f429908..dfd8c8603bf 100644
--- a/usr.bin/doas/doas.c
+++ b/usr.bin/doas/doas.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.c,v 1.80 2019/07/03 03:24:02 deraadt Exp $ */
+/* $OpenBSD: doas.c,v 1.81 2019/09/14 17:47:00 semarie Exp $ */
 /*
 * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
 *
@@ -408,7 +408,8 @@ main(int argc, char **argv)
 if (formerpath == NULL)
 formerpath = "";
- if (unveil(_PATH_LOGIN_CONF, "r") == -1)
+ if (unveil(_PATH_LOGIN_CONF, "r") == -1 ||
+ unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
 err(1, "unveil");
 if (rule->cmd) {
 if (setenv("PATH", safepath, 1) == -1)
diff --git a/usr.bin/encrypt/encrypt.c b/usr.bin/encrypt/encrypt.c
index 48e1d54df57..01e96edd9f8 100644
--- a/usr.bin/encrypt/encrypt.c
+++ b/usr.bin/encrypt/encrypt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: encrypt.c,v 1.49 2018/08/03 04:47:56 deraadt Exp $ */
+/* $OpenBSD: encrypt.c,v 1.50 2019/09/14 17:47:00 semarie Exp $ */
 /*
 * Copyright (c) 1996, Jason Downs. All rights reserved.
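Review bot: The lock-file rule in chpass.c's main() is widened from `"wc"` to `"rwc"` with nothing in the code saying which operation needs read access, so a later audit of the unveil list cannot tell whether the extra permission is still required. A one-line comment above the call would record it, for example `/* "r" as well: <name the call that reads or stat()s the lock file> */`; the page does not show that call, so the wording has to come from the author. The same widening appears in the local_passwd.c hunk (`@@ -72,12 +72,14 @@`) and wants the same comment. main() starts and ends outside this hunk.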
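Review bot: Folding both unveil() calls into one `||` condition in doas.c (and again in the encrypt.c hunk, `@@ -95,7 +95,8 @@`) leaves a single `err(1, "unveil")`, so a failure does not say which path was rejected. local_passwd.c and su.c in this same commit use one `if` per path; doing the same here and naming the path, `err(1, "unveil %s", _PATH_LOGIN_CONF);` and `err(1, "unveil %s", _PATH_LOGIN_CONF ".db");`, keeps the four files consistent and makes a broken sandbox rule diagnosable from the error message alone. main() continues outside the hunk, so whether the unveil list is locked afterwards cannot be confirmed from here.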
@@ -95,7 +95,8 @@ main(int argc, char **argv)
 char *extra = NULL; /* Store login class or number of rounds */
 const char *errstr;
- if (unveil(_PATH_LOGIN_CONF, "r") == -1)
+ if (unveil(_PATH_LOGIN_CONF, "r") == -1 ||
+ unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
 err(1, "unveil");
 if (pledge("stdio rpath tty", NULL) == -1)
 err(1, "pledge");
diff --git a/usr.bin/passwd/local_passwd.c b/usr.bin/passwd/local_passwd.c
index a9aa2318d2f..0f843b3f973 100644
--- a/usr.bin/passwd/local_passwd.c
+++ b/usr.bin/passwd/local_passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: local_passwd.c,v 1.56 2019/06/28 13:35:02 deraadt Exp $ */
+/* $OpenBSD: local_passwd.c,v 1.57 2019/09/14 17:47:01 semarie Exp $ */
 /*-
 * Copyright (c) 1990 The Regents of the University of California.
@@ -72,12 +72,14 @@ local_passwd(char *uname, int authenticated)
 return(1);
 }
- if (unveil(_PATH_MASTERPASSWD_LOCK, "wc") == -1)
+ if (unveil(_PATH_MASTERPASSWD_LOCK, "rwc") == -1)
 err(1, "unveil");
 if (unveil(_PATH_MASTERPASSWD, "r") == -1)
 err(1, "unveil");
 if (unveil(_PATH_LOGIN_CONF, "r") == -1)
 err(1, "unveil");
+ if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
+ err(1, "unveil");
 if (unveil(_PATH_BSHELL, "x") == -1)
 err(1, "unveil");
 if (unveil(_PATH_PWD_MKDB, "x") == -1)
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c
index 594052eb71e..0b89b4821c2 100644
--- a/usr.bin/su/su.c
+++ b/usr.bin/su/su.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: su.c,v 1.76 2019/06/28 13:35:04 deraadt Exp $ */
+/* $OpenBSD: su.c,v 1.77 2019/09/14 17:47:01 semarie Exp $ */
 /*
 * Copyright (c) 1988 The Regents of the University of California.
@@ -162,6 +162,8 @@ main(int argc, char **argv)
 if (unveil(_PATH_LOGIN_CONF, "r") == -1)
 err(1, "unveil");
+ if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
+ err(1, "unveil");
 if (unveil(_PATH_AUTHPROGDIR, "x") == -1)
 err(1, "unveil");
 if (unveil(_PATH_SHELLS, "r") == -1) |
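Review bot: The new rule for `_PATH_LOGIN_CONF ".db"` in su.c carries no comment, and the `.db` suffix is now spelled as a bare literal in four files (doas.c, encrypt.c, local_passwd.c, su.c). Presumably the login-class lookup can open a database form of login.conf, but nothing visible here says so; a comment such as `/* the login.conf lookup may open the .db form of the file */` above the call would tell an auditor why the path is exposed. The literal concatenation also only compiles while `_PATH_LOGIN_CONF` stays a string-literal macro, which is worth a word in the same comment. main() starts and ends outside the hunk.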
