mirror of https://github.com/openbsd/src.git synced 2024-12-22 07:27:59 -08:00

Change the error reporting pattern throughout the tree when unveil

fails to report the path that the failure occurred on. Suggested by
deraadt@ after some tech discussion.

Work done and verified by Ashton Fagg <ashton@fagg.id.au>

ok deraadt@ semarie@ claudio@
beck 2021-07-12 15:09:18 +00:00
parent 80a0aabaf5
commit bc5a8259a4
80 changed files with 284 additions and 282 deletions


@ -1,4 +1,4 @@
/* $OpenBSD: ps.c,v 1.76 2019/12/16 19:21:16 guenther Exp $ */
/* $OpenBSD: ps.c,v 1.77 2021/07/12 15:09:18 beck Exp $ */
/* $NetBSD: ps.c,v 1.15 1995/05/18 20:33:25 mycroft Exp $ */
/*-
@ -276,18 +276,18 @@ main(int argc, char *argv[])
errx(1, "%s", errbuf);
if (unveil(_PATH_DEVDB, "r") == -1 && errno != ENOENT)
err(1, "unveil");
err(1, "unveil %s", _PATH_DEVDB);
if (unveil(_PATH_DEV, "r") == -1 && errno != ENOENT)
err(1, "unveil");
err(1, "unveil %s", _PATH_DEV);
if (swapf)
if (unveil(swapf, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", swapf);
if (nlistf)
if (unveil(nlistf, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", nlistf);
if (memf)
if (unveil(memf, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", memf);
if (pledge("stdio rpath getpw ps", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: tetris.c,v 1.34 2019/05/18 19:38:25 rob Exp $ */
/* $OpenBSD: tetris.c,v 1.35 2021/07/12 15:09:18 beck Exp $ */
/* $NetBSD: tetris.c,v 1.2 1995/04/22 07:42:47 cgd Exp $ */
/*-
@ -234,7 +234,7 @@ main(int argc, char *argv[])
scr_init();
if (unveil(scorepath, "rwc") == -1)
err(1, "unveil");
err(1, "unveil %s", scorepath);
if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: comsat.c,v 1.49 2018/09/24 22:56:54 deraadt Exp $ */
/* $OpenBSD: comsat.c,v 1.50 2021/07/12 15:09:18 beck Exp $ */
/*
* Copyright (c) 1980, 1993
@ -92,13 +92,13 @@ main(int argc, char *argv[])
}
if (unveil(_PATH_MAILDIR, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_MAILDIR);
if (unveil(_PATH_UTMP, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_UTMP);
if (unveil("/tmp", "w") == -1)
err(1, "unveil");
err(1, "unveil /tmp");
if (unveil(_PATH_DEV, "rw") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_DEV);
if (pledge("stdio rpath wpath proc tty", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: fingerd.c,v 1.41 2019/06/28 13:32:53 deraadt Exp $ */
/* $OpenBSD: fingerd.c,v 1.42 2021/07/12 15:09:18 beck Exp $ */
/*
* Copyright (c) 1983, 1993
@ -109,7 +109,7 @@ main(int argc, char *argv[])
}
if (unveil(prog, "x") == -1)
err(1, "unveil");
err(1, "unveil %s", prog);
if (pledge("stdio inet dns proc exec", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: lockspool.c,v 1.21 2020/02/09 14:59:20 millert Exp $ */
/* $OpenBSD: lockspool.c,v 1.22 2021/07/12 15:09:18 beck Exp $ */
/*
* Copyright (c) 1998 Theo de Raadt <deraadt@theos.com>
@ -54,7 +54,7 @@ main(int argc, char *argv[])
int holdfd;
if (unveil(_PATH_MAILDIR, "rwc") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_MAILDIR);
if (pledge("stdio rpath wpath getpw cpath fattr", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: spamlogd.c,v 1.31 2019/07/25 17:32:33 brynet Exp $ */
/* $OpenBSD: spamlogd.c,v 1.32 2021/07/12 15:09:18 beck Exp $ */
/*
* Copyright (c) 2006 Henning Brauer <henning@openbsd.org>
@ -463,7 +463,7 @@ main(int argc, char **argv)
}
if (unveil(PATH_SPAMD_DB, "rw") == -1)
err(1, "unveil");
err(1, "unveil %s", PATH_SPAMD_DB);
if (syncsend) {
if (pledge("stdio rpath wpath inet flock", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: ifaddr.c,v 1.5 2021/03/12 19:35:43 florian Exp $ */
/* $OpenBSD: ifaddr.c,v 1.6 2021/07/12 15:09:18 beck Exp $ */
/*
* This file has been copied from ifconfig and adapted to test
@ -287,7 +287,7 @@ main(int argc, char *argv[])
if (argc < 2) {
/* no filesystem visibility */
if (unveil("/", "") == -1)
err(1, "unveil");
err(1, "unveil /");
if (unveil(NULL, NULL) == -1)
err(1, "unveil");
aflag = 1;
@ -326,11 +326,11 @@ main(int argc, char *argv[])
argc--, argv++;
if (unveil(_PATH_RESCONF, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_RESCONF);
if (unveil(_PATH_HOSTS, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_HOSTS);
if (unveil(_PATH_SERVICES, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_SERVICES);
if (unveil(NULL, NULL) == -1)
err(1, "unveil");


@ -1,4 +1,4 @@
/* $OpenBSD: unveil.c,v 1.1 2020/07/27 13:40:02 rob Exp $ */
/* $OpenBSD: unveil.c,v 1.2 2021/07/12 15:09:18 beck Exp $ */
/*
* Copyright (c) 2020 Rob Pierce <rob@openbsd.org>
*
@ -22,7 +22,7 @@ int
main(int argc, char *argv[])
{
if (unveil("/tmp", "r") == -1)
err(1, "unveil");
err(1, "unveil /tmp");
if (unveil(NULL, NULL) == -1)
err(1, "unveil");


@ -1,4 +1,4 @@
/* $OpenBSD: dhclient.c,v 1.722 2021/05/02 19:16:48 krw Exp $ */
/* $OpenBSD: dhclient.c,v 1.723 2021/07/12 15:09:18 beck Exp $ */
/*
* Copyright 2004 Henning Brauer <henning@openbsd.org>
@ -2334,9 +2334,9 @@ fork_privchld(struct interface_info *ifi, int fd, int fd2)
fatal("socket(AF_ROUTE, SOCK_RAW)");
if (unveil(_PATH_RESCONF, "wc") == -1)
fatal("unveil");
fatal("unveil %s", _PATH_RESCONF);
if (unveil("/etc/resolv.conf.tail", "r") == -1)
fatal("unveil");
fatal("unveil /etc/resolve.conf.tail");
if (unveil(NULL, NULL) == -1)
fatal("unveil");
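Review bot: The new message for the second unveil() names `/etc/resolve.conf.tail`, but the call directly above it unveils `/etc/resolv.conf.tail`, so a failure here would report a path that was never requested and point whoever reads the log at the wrong file. The line should read `fatal("unveil /etc/resolv.conf.tail");`. Repeating a literal path inside the message string is what lets the call and its report drift apart like this; passing the same literal through `%s`, or naming it once in a constant, would keep them in step. fork_privchld's body starts and ends outside the hunk.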


@ -1,4 +1,4 @@
/* $OpenBSD: dhcpleased.c,v 1.13 2021/06/20 08:31:45 florian Exp $ */
/* $OpenBSD: dhcpleased.c,v 1.14 2021/07/12 15:09:18 beck Exp $ */
/*
* Copyright (c) 2017, 2021 Florian Obser <florian@openbsd.org>
@ -274,7 +274,7 @@ main(int argc, char *argv[])
}
if (unveil(NULL, NULL) == -1)
fatal("locking unveil");
fatal("unveil");
#if notyet
if (pledge("stdio inet rpath wpath sendfd wroute bpf", NULL) == -1)
fatal("pledge");
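Review bot: The report for the lock call goes from `fatal("locking unveil")` to a bare `fatal("unveil")`, which is less specific than the text it replaces, in a change whose stated purpose is to make unveil failures easier to attribute. A reader of the log now has to know the convention that a message without a path means the unveil(NULL, NULL) lock step failed. Either keep a distinct text for the lock step or state the convention once near the call, for example `/* a bare "unveil" report means the unveil(NULL, NULL) lock failed */`. The engine.c and frontend.c hunks that replace `fatal("unveil(NULL, NULL)")` with `fatal("unveil")` have the same effect. main's body continues outside the hunk.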


@ -1,4 +1,4 @@
/* $OpenBSD: engine.c,v 1.17 2021/06/20 08:31:45 florian Exp $ */
/* $OpenBSD: engine.c,v 1.18 2021/07/12 15:09:18 beck Exp $ */
/*
* Copyright (c) 2017, 2021 Florian Obser <florian@openbsd.org>
@ -182,9 +182,9 @@ engine(int debug, int verbose)
fatal("chdir(\"/\")");
if (unveil("/", "") == -1)
fatal("unveil(\"/\", \"\")");
fatal("unveil /");
if (unveil(NULL, NULL) == -1)
fatal("unveil(NULL, NULL)");
fatal("unveil");
setproctitle("%s", "engine");
log_procinit("engine");


@ -1,4 +1,4 @@
/* $OpenBSD: frontend.c,v 1.12 2021/06/16 14:08:38 florian Exp $ */
/* $OpenBSD: frontend.c,v 1.13 2021/07/12 15:09:18 beck Exp $ */
/*
* Copyright (c) 2017, 2021 Florian Obser <florian@openbsd.org>
@ -138,9 +138,9 @@ frontend(int debug, int verbose)
fatal("chdir(\"/\")");
if (unveil("/", "") == -1)
fatal("unveil(\"/\", \"\")");
fatal("unveil /");
if (unveil(NULL, NULL) == -1)
fatal("unveil(NULL, NULL)");
fatal("unveil");
setproctitle("%s", "frontend");
log_procinit("frontend");


@ -1,4 +1,4 @@
/* $OpenBSD: fsck.c,v 1.40 2019/06/28 13:32:43 deraadt Exp $ */
/* $OpenBSD: fsck.c,v 1.41 2021/07/12 15:09:18 beck Exp $ */
/* $NetBSD: fsck.c,v 1.7 1996/10/03 20:06:30 christos Exp $ */
/*
@ -110,11 +110,11 @@ main(int argc, char *argv[])
checkroot();
if (unveil("/dev", "rw") == -1)
err(1, "unveil");
err(1, "unveil /dev");
if (unveil(_PATH_FSTAB, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_FSTAB);
if (unveil("/sbin", "x") == -1)
err(1, "unveil");
err(1, "unveil /sbin");
if (pledge("stdio rpath wpath disklabel proc exec", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: setup.c,v 1.67 2020/06/20 07:49:04 otto Exp $ */
/* $OpenBSD: setup.c,v 1.68 2021/07/12 15:09:18 beck Exp $ */
/* $NetBSD: setup.c,v 1.27 1996/09/27 22:45:19 christos Exp $ */
/*
@ -105,7 +105,7 @@ setup(char *dev, int isfsdb)
if (isfsdb || !hotroot()) {
if (unveil("/dev", "rw") == -1)
err(1, "unveil");
err(1, "unveil /dev");
if (pledge("stdio rpath wpath getpw tty disklabel",
NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: check.c,v 1.20 2019/06/28 13:32:43 deraadt Exp $ */
/* $OpenBSD: check.c,v 1.21 2021/07/12 15:09:18 beck Exp $ */
/* $NetBSD: check.c,v 1.8 1997/10/17 11:19:29 ws Exp $ */
/*
@ -55,7 +55,7 @@ checkfilesys(const char *fname)
int mod = 0;
if (unveil("/dev", "rw") == -1)
err(1, "unveil");
err(1, "unveil /dev");
rdonly = alwaysno;


@ -1,4 +1,4 @@
/* $OpenBSD: ifconfig.c,v 1.443 2021/07/04 19:22:32 sthen Exp $ */
/* $OpenBSD: ifconfig.c,v 1.444 2021/07/12 15:09:18 beck Exp $ */
/* $NetBSD: ifconfig.c,v 1.40 1997/10/01 02:19:43 enami Exp $ */
/*
@ -773,7 +773,7 @@ main(int argc, char *argv[])
if (argc < 2) {
/* no filesystem visibility */
if (unveil("/", "") == -1)
err(1, "unveil");
err(1, "unveil /");
if (unveil(NULL, NULL) == -1)
err(1, "unveil");
aflag = 1;
@ -827,11 +827,11 @@ main(int argc, char *argv[])
if (!found_rulefile) {
if (unveil(_PATH_RESCONF, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_RESCONF);
if (unveil(_PATH_HOSTS, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_HOSTS);
if (unveil(_PATH_SERVICES, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_SERVICES);
if (unveil(NULL, NULL) == -1)
err(1, "unveil");
}


@ -1,4 +1,4 @@
/* $OpenBSD: nologin.c,v 1.8 2019/06/28 13:32:45 deraadt Exp $ */
/* $OpenBSD: nologin.c,v 1.9 2021/07/12 15:09:19 beck Exp $ */
/*
* Copyright (c) 1997, Jason Downs. All rights reserved.
@ -47,7 +47,7 @@ main(int argc, char *argv[])
char nbuf[BUFSIZ];
if (unveil(_PATH_NOLOGIN_TXT, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_NOLOGIN_TXT);
if (pledge("stdio rpath", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: privsep.c,v 1.34 2019/11/27 17:49:09 deraadt Exp $ */
/* $OpenBSD: privsep.c,v 1.35 2021/07/12 15:09:19 beck Exp $ */
/*
* Copyright (c) 2003 Can Erkin Acar
@ -134,15 +134,15 @@ priv_init(int Pflag, int argc, char *argv[])
setproctitle("[priv]");
if (unveil(_PATH_RESCONF, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_RESCONF);
if (unveil(_PATH_HOSTS, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_HOSTS);
if (unveil(_PATH_SERVICES, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_SERVICES);
if (unveil("/dev/bpf", "r") == -1)
err(1, "unveil");
err(1, "unveil /dev/bpf");
if (unveil(filename, "rwc") == -1)
err(1, "unveil");
err(1, "unveil %s", filename);
if (unveil(NULL, NULL) == -1)
err(1, "unveil");


@ -1,4 +1,4 @@
/* $OpenBSD: ping.c,v 1.244 2021/02/21 10:38:42 sthen Exp $ */
/* $OpenBSD: ping.c,v 1.245 2021/07/12 15:09:19 beck Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -266,7 +266,7 @@ main(int argc, char *argv[])
/* Cannot pledge due to special setsockopt()s below */
if (unveil("/", "r") == -1)
err(1, "unveil");
err(1, "unveil /");
if (unveil(NULL, NULL) == -1)
err(1, "unveil");


@ -1,4 +1,4 @@
/* $OpenBSD: shutdown.c,v 1.52 2018/08/03 17:09:22 deraadt Exp $ */
/* $OpenBSD: shutdown.c,v 1.53 2021/07/12 15:09:19 beck Exp $ */
/* $NetBSD: shutdown.c,v 1.9 1995/03/18 15:01:09 cgd Exp $ */
/*
@ -166,24 +166,24 @@ main(int argc, char *argv[])
}
if (unveil(_PATH_CONSOLE, "rw") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_CONSOLE);
if (unveil(_PATH_RC, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_RC);
if (unveil(_PATH_WALL, "x") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_WALL);
if (unveil(_PATH_FASTBOOT, "wc") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_FASTBOOT);
if (unveil(_PATH_NOLOGIN, "wc") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_NOLOGIN);
if (dohalt || dopower) {
if (unveil(_PATH_HALT, "x") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_HALT);
} else if (doreboot) {
if (unveil(_PATH_REBOOT, "x") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_REBOOT);
} else {
if (unveil(_PATH_BSHELL, "x") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_BSHELL);
}
if (pledge("stdio rpath wpath cpath getpw tty id proc exec", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: engine.c,v 1.72 2021/05/01 11:53:06 florian Exp $ */
/* $OpenBSD: engine.c,v 1.73 2021/07/12 15:09:19 beck Exp $ */
/*
* Copyright (c) 2017 Florian Obser <florian@openbsd.org>
@ -368,9 +368,9 @@ engine(int debug, int verbose)
fatal("chdir(\"/\")");
if (unveil("/", "") == -1)
fatal("unveil(\"/\", \"\")");
fatal("unveil /");
if (unveil(NULL, NULL) == -1)
fatal("unveil(NULL, NULL)");
fatal("unveil");
setproctitle("%s", "engine");
log_procinit("engine");


@ -1,4 +1,4 @@
/* $OpenBSD: frontend.c,v 1.56 2021/05/01 11:53:06 florian Exp $ */
/* $OpenBSD: frontend.c,v 1.57 2021/07/12 15:09:19 beck Exp $ */
/*
* Copyright (c) 2017 Florian Obser <florian@openbsd.org>
@ -149,9 +149,9 @@ frontend(int debug, int verbose)
fatal("chdir(\"/\")");
if (unveil("/", "") == -1)
fatal("unveil(\"/\", \"\")");
fatal("unveil /");
if (unveil(NULL, NULL) == -1)
fatal("unveil(NULL, NULL)");
fatal("unveil");
setproctitle("%s", "frontend");
log_procinit("frontend");


@ -1,4 +1,4 @@
/* $OpenBSD: sysctl.c,v 1.257 2021/05/18 05:25:40 claudio Exp $ */
/* $OpenBSD: sysctl.c,v 1.258 2021/07/12 15:09:19 beck Exp $ */
/* $NetBSD: sysctl.c,v 1.9 1995/09/30 07:12:50 thorpej Exp $ */
/*
@ -265,9 +265,9 @@ main(int argc, char *argv[])
ctime(&boottime); /* satisfy potential $TZ expansion before unveil() */
if (unveil(_PATH_DEVDB, "r") == -1 && errno != ENOENT)
err(1,"unveil");
err(1,"unveil %s", _PATH_DEVDB);
if (unveil("/dev", "r") == -1 && errno != ENOENT)
err(1, "unveil");
err(1, "unveil /dev");
if (unveil(NULL, NULL) == -1)
err(1, "unveil");


@ -1,4 +1,4 @@
/* $OpenBSD: resolver.c,v 1.143 2021/02/07 13:35:41 florian Exp $ */
/* $OpenBSD: resolver.c,v 1.144 2021/07/12 15:09:19 beck Exp $ */
/*
* Copyright (c) 2018 Florian Obser <florian@openbsd.org>
@ -377,7 +377,7 @@ resolver(int debug, int verbose)
fatal("can't drop privileges");
if (unveil(TLS_DEFAULT_CA_CERT_FILE, "r") == -1)
fatal("unveil");
fatal("unveil %s", TLS_DEFAULT_CA_CERT_FILE);
if (pledge("stdio inet dns rpath recvfd", NULL) == -1)
fatal("pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: audioctl.c,v 1.42 2020/02/02 05:25:41 ratchov Exp $ */
/* $OpenBSD: audioctl.c,v 1.43 2021/07/12 15:09:19 beck Exp $ */
/*
* Copyright (c) 2016 Alexandre Ratchov <alex@caoua.org>
*
@ -285,7 +285,7 @@ main(int argc, char **argv)
argv += optind;
if (unveil(path, "w") == -1)
err(1, "unveil");
err(1, "unveil %s", path);
if (unveil(NULL, NULL) == -1)
err(1, "unveil");
@ -296,5 +296,5 @@ main(int argc, char **argv)
audio_main(argc, argv);
close(fd);
return 0;
return 0;
}


@ -1,4 +1,4 @@
/* $OpenBSD: biff.c,v 1.17 2019/06/28 13:35:00 deraadt Exp $ */
/* $OpenBSD: biff.c,v 1.18 2021/07/12 15:09:19 beck Exp $ */
/* $NetBSD: biff.c,v 1.3 1995/03/26 02:34:22 glass Exp $ */
/*
@ -62,7 +62,7 @@ main(int argc, char *argv[])
err(2, "tty");
if (unveil(name, "rw") == -1)
err(2, "unveil");
err(2, "unveil %s", name);
if (pledge("stdio rpath fattr", NULL) == -1)
err(2, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: chpass.c,v 1.46 2019/09/14 17:47:00 semarie Exp $ */
/* $OpenBSD: chpass.c,v 1.47 2021/07/12 15:09:19 beck Exp $ */
/* $NetBSD: chpass.c,v 1.8 1996/05/15 21:50:43 jtc Exp $ */
/*-
@ -137,11 +137,11 @@ main(int argc, char *argv[])
display(tempname, dfd, pw);
if (unveil(_PATH_BSHELL, "x") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_BSHELL);
if (unveil(_PATH_SHELLS, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_SHELLS);
if (unveil(tempname, "rc") == -1)
err(1, "unveil");
err(1, "unveil %s", tempname);
if (pledge("stdio rpath wpath cpath id proc exec unveil",
NULL) == -1)
err(1, "pledge");
@ -165,7 +165,7 @@ main(int argc, char *argv[])
if (op == NEWSH) {
if (unveil(_PATH_SHELLS, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_SHELLS);
if (pledge("stdio rpath wpath cpath id proc exec unveil",
NULL) == -1)
err(1, "pledge");
@ -184,11 +184,11 @@ main(int argc, char *argv[])
sigprocmask(SIG_BLOCK, &fullset, NULL);
if (unveil(_PATH_MASTERPASSWD_LOCK, "rwc") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_MASTERPASSWD_LOCK);
if (unveil(_PATH_MASTERPASSWD, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_MASTERPASSWD);
if (unveil(_PATH_PWD_MKDB, "x") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_PWD_MKDB);
if (pledge("stdio rpath wpath cpath proc exec", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: ctfconv.c,v 1.18 2019/11/07 13:39:08 mpi Exp $ */
/* $OpenBSD: ctfconv.c,v 1.19 2021/07/12 15:09:19 beck Exp $ */
/*
* Copyright (c) 2016-2017 Martin Pieuchot
@ -128,11 +128,11 @@ main(int argc, char *argv[])
filename = *argv;
if (unveil(filename, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", filename);
if (outfile != NULL) {
if (unveil(outfile, "wc") == -1)
err(1, "unveil");
err(1, "unveil %s", outfile);
}
if (pledge("stdio rpath wpath cpath", NULL) == -1)


@ -1,4 +1,4 @@
/* $OpenBSD: doas.c,v 1.89 2021/01/27 17:02:50 millert Exp $ */
/* $OpenBSD: doas.c,v 1.90 2021/07/12 15:09:19 beck Exp $ */
/*
* Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
*
@ -416,9 +416,10 @@ main(int argc, char **argv)
if (formerpath == NULL)
formerpath = "";
if (unveil(_PATH_LOGIN_CONF, "r") == -1 ||
unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
err(1, "unveil");
if (unveil(_PATH_LOGIN_CONF, "r") == -1)
err(1, "unveil %s", _PATH_LOGIN_CONF);
if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
err(1, "unveil %s.db", _PATH_LOGIN_CONF);
if (rule->cmd) {
if (setenv("PATH", safepath, 1) == -1)
err(1, "failed to set PATH '%s'", safepath);


@ -1,4 +1,4 @@
/* $OpenBSD: encrypt.c,v 1.50 2019/09/14 17:47:00 semarie Exp $ */
/* $OpenBSD: encrypt.c,v 1.51 2021/07/12 15:09:19 beck Exp $ */
/*
* Copyright (c) 1996, Jason Downs. All rights reserved.
@ -95,9 +95,10 @@ main(int argc, char **argv)
char *extra = NULL; /* Store login class or number of rounds */
const char *errstr;
if (unveil(_PATH_LOGIN_CONF, "r") == -1 ||
unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
err(1, "unveil");
if (unveil(_PATH_LOGIN_CONF, "r") == -1)
err(1, "unveil %s", _PATH_LOGIN_CONF);
if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
err(1, "unveil %s.db", _PATH_LOGIN_CONF);
if (pledge("stdio rpath tty", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: from.c,v 1.27 2020/05/29 07:16:50 mestre Exp $ */
/* $OpenBSD: from.c,v 1.28 2021/07/12 15:09:19 beck Exp $ */
/* $NetBSD: from.c,v 1.6 1995/09/01 01:39:10 jtc Exp $ */
/*
@ -80,7 +80,7 @@ main(int argc, char *argv[])
file = mail_spool(file, *argv);
if (unveil(file, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", file);
if (pledge("stdio rpath", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: getconf.c,v 1.20 2018/10/26 17:11:32 mestre Exp $ */
/* $OpenBSD: getconf.c,v 1.21 2021/07/12 15:09:19 beck Exp $ */
/*-
* Copyright (c) 1996 The NetBSD Foundation, Inc.
@ -514,7 +514,7 @@ main(int argc, char *argv[])
case PATHCONF:
if (unveil(argv[1], "r") == -1)
err(1, "unveil");
err(1, "unveil %s", argv[1]);
if (pledge("stdio rpath", NULL) == -1)
err(1, "pledge");
errno = 0;


@ -1,4 +1,4 @@
/* $OpenBSD: getent.c,v 1.21 2018/11/02 10:21:29 kn Exp $ */
/* $OpenBSD: getent.c,v 1.22 2021/07/12 15:09:19 beck Exp $ */
/* $NetBSD: getent.c,v 1.7 2005/08/24 14:31:02 ginsbach Exp $ */
/*-
@ -102,7 +102,7 @@ main(int argc, char *argv[])
if (strcmp(curdb->name, argv[1]) == 0) {
if (curdb->unveil != NULL) {
if (unveil(curdb->unveil, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", curdb->unveil);
}
if (pledge(curdb->pledge, NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: htpasswd.c,v 1.17 2018/10/31 07:39:10 mestre Exp $ */
/* $OpenBSD: htpasswd.c,v 1.18 2021/07/12 15:09:19 beck Exp $ */
/*
* Copyright (c) 2014 Florian Obser <florian@openbsd.org>
*
@ -74,9 +74,9 @@ main(int argc, char** argv)
if ((batch && argc == 1) || (!batch && argc == 2)) {
if (unveil(argv[0], "rwc") == -1)
err(1, "unveil");
err(1, "unveil %s", argv[0]);
if (unveil("/tmp", "rwc") == -1)
err(1, "unveil");
err(1, "unveil /tmp");
}
if (pledge("stdio rpath wpath cpath flock tmppath tty", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: kdump.c,v 1.143 2020/04/05 08:32:14 mpi Exp $ */
/* $OpenBSD: kdump.c,v 1.144 2021/07/12 15:09:19 beck Exp $ */
/*-
* Copyright (c) 1988, 1993
@ -223,9 +223,9 @@ main(int argc, char *argv[])
if (strcmp(tracefile, "-") != 0)
if (unveil(tracefile, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", tracefile);
if (unveil(_PATH_PROTOCOLS, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_PROTOCOLS);
if (pledge("stdio rpath getpw", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: last.c,v 1.52 2019/06/28 13:35:01 deraadt Exp $ */
/* $OpenBSD: last.c,v 1.53 2021/07/12 15:09:19 beck Exp $ */
/* $NetBSD: last.c,v 1.6 1994/12/24 16:49:02 cgd Exp $ */
/*
@ -153,7 +153,7 @@ main(int argc, char *argv[])
exit(0);
if (unveil(file, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", file);
if (pledge("stdio rpath", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: look.c,v 1.23 2019/06/28 13:35:01 deraadt Exp $ */
/* $OpenBSD: look.c,v 1.24 2021/07/12 15:09:20 beck Exp $ */
/* $NetBSD: look.c,v 1.7 1995/08/31 22:41:02 jtc Exp $ */
/*-
@ -111,7 +111,7 @@ main(int argc, char *argv[])
}
if (unveil(file, "r") == -1)
err(2, "unveil");
err(2, "unveil %s", file);
if (pledge("stdio rpath", NULL) == -1)
err(2, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: mesg.c,v 1.16 2019/06/28 13:35:02 deraadt Exp $ */
/* $OpenBSD: mesg.c,v 1.17 2021/07/12 15:09:20 beck Exp $ */
/* $NetBSD: mesg.c,v 1.4 1994/12/23 07:16:32 jtc Exp $ */
/*
@ -65,7 +65,7 @@ main(int argc, char *argv[])
err(2, "ttyname");
if (unveil(tty, "rw") == -1)
err(2, "unveil");
err(2, "unveil %s", tty);
if (pledge("stdio rpath fattr", NULL) == -1)
err(2, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: mixerctl.c,v 1.33 2020/04/04 08:43:08 ratchov Exp $ */
/* $OpenBSD: mixerctl.c,v 1.34 2021/07/12 15:09:20 beck Exp $ */
/* $NetBSD: mixerctl.c,v 1.11 1998/04/27 16:55:23 augustss Exp $ */
/*
@ -285,7 +285,7 @@ main(int argc, char **argv)
aflag = 1;
if (unveil(file, "w") == -1)
err(1, "unveil");
err(1, "unveil %s", file);
if (unveil(NULL, NULL) == -1)
err(1, "unveil");


@ -1,4 +1,4 @@
/* $OpenBSD: netcat.c,v 1.217 2020/02/12 14:46:36 schwarze Exp $ */
/* $OpenBSD: netcat.c,v 1.218 2021/07/12 15:09:20 beck Exp $ */
/*
* Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
* Copyright (c) 2015 Bob Beck. All rights reserved.
@ -364,13 +364,13 @@ main(int argc, char *argv[])
if (usetls) {
if (Cflag && unveil(Cflag, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", Cflag);
if (unveil(Rflag, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", Rflag);
if (Kflag && unveil(Kflag, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", Kflag);
if (oflag && unveil(oflag, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", oflag);
} else if (family == AF_UNIX && uflag && lflag && !kflag) {
/*
* After recvfrom(2) from client, the server connects
@ -380,20 +380,20 @@ main(int argc, char *argv[])
} else {
if (family == AF_UNIX) {
if (unveil(host, "rwc") == -1)
err(1, "unveil");
err(1, "unveil %s", host);
if (uflag && !kflag) {
if (sflag) {
if (unveil(sflag, "rwc") == -1)
err(1, "unveil");
err(1, "unveil %s", sflag);
} else {
if (unveil("/tmp", "rwc") == -1)
err(1, "unveil");
err(1, "unveil /tmp");
}
}
} else {
/* no filesystem visibility */
if (unveil("/", "") == -1)
err(1, "unveil");
err(1, "unveil /");
}
}


@ -1,4 +1,4 @@
/* $OpenBSD: local_passwd.c,v 1.58 2019/10/24 12:56:40 anton Exp $ */
/* $OpenBSD: local_passwd.c,v 1.59 2021/07/12 15:09:20 beck Exp $ */
/*-
* Copyright (c) 1990 The Regents of the University of California.
@ -73,19 +73,19 @@ local_passwd(char *uname, int authenticated)
}
if (unveil(_PATH_MASTERPASSWD_LOCK, "rwc") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_MASTERPASSWD_LOCK);
if (unveil(_PATH_MASTERPASSWD, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_MASTERPASSWD);
if (unveil(_PATH_LOGIN_CONF, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_LOGIN_CONF);
if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
err(1, "unveil");
err(1, "unveil %s.db", _PATH_LOGIN_CONF);
if (unveil(_PATH_BSHELL, "x") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_BSHELL);
if (unveil(_PATH_SHELLS, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_SHELLS);
if (unveil(_PATH_PWD_MKDB, "x") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_PWD_MKDB);
if (pledge("stdio rpath wpath cpath getpw tty id proc exec", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: sdiff.c,v 1.37 2018/09/28 18:21:52 mestre Exp $ */
/* $OpenBSD: sdiff.c,v 1.38 2021/07/12 15:09:20 beck Exp $ */
/*
* Written by Raymond Lai <ray@cyth.net>.
@ -255,7 +255,7 @@ main(int argc, char **argv)
if (outfile && (outfp = fopen(outfile, "w")) == NULL)
err(2, "could not open: %s", optarg);
if ((tmpdir = getenv("TMPDIR")) == NULL || *tmpdir == '\0')
if ((tmpdir = getenv("TMPDIR")) == NULL || *tmpdir == '\0')
tmpdir = _PATH_TMP;
filename1 = argv[0];
@ -263,15 +263,15 @@ main(int argc, char **argv)
if (!Fflag) {
if (unveil(filename1, "r") == -1)
err(2, "unveil");
err(2, "unveil %s", filename1);
if (unveil(filename2, "r") == -1)
err(2, "unveil");
err(2, "unveil %s", filename2);
if (unveil(tmpdir, "rwc") == -1)
err(2, "unveil");
err(2, "unveil %s", tmpdir);
if (unveil("/usr/bin/diff", "x") == -1)
err(2, "unveil");
err(2, "unveil /usr/bin/diff");
if (unveil(_PATH_BSHELL, "x") == -1)
err(2, "unveil");
err(2, "unveil %s", _PATH_BSHELL);
}
if (pledge("stdio rpath wpath cpath proc exec", NULL) == -1)
err(2, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: sndiod.c,v 1.45 2021/03/08 09:42:50 ratchov Exp $ */
/* $OpenBSD: sndiod.c,v 1.46 2021/07/12 15:09:20 beck Exp $ */
/*
* Copyright (c) 2008-2012 Alexandre Ratchov <alex@caoua.org>
*
@ -378,7 +378,7 @@ dounveil(char *name, char *prefix, char *path_prefix)
errx(1, "%s: unsupported device or port format", name);
snprintf(path, sizeof(path), "%s%s", path_prefix, name + prefix_len);
if (unveil(path, "rw") == -1)
err(1, "unveil");
err(1, "unveil %s", path);
}
static int


@ -1,4 +1,4 @@
/* $OpenBSD: su.c,v 1.83 2020/10/30 16:23:57 millert Exp $ */
/* $OpenBSD: su.c,v 1.84 2021/07/12 15:09:20 beck Exp $ */
/*
* Copyright (c) 1988 The Regents of the University of California.
@ -161,17 +161,17 @@ main(int argc, char **argv)
}
if (unveil(_PATH_LOGIN_CONF, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_LOGIN_CONF);
if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
err(1, "unveil");
err(1, "unveil %s.db", _PATH_LOGIN_CONF);
if (unveil(_PATH_AUTHPROGDIR, "x") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_AUTHPROGDIR);
if (unveil(_PATH_SHELLS, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_SHELLS);
if (unveil(_PATH_DEVDB, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_DEVDB);
if (unveil(_PATH_NOLOGIN, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_NOLOGIN);
for (;;) {
char *pw_class = class;
@ -251,9 +251,9 @@ main(int argc, char **argv)
}
if (unveil(shell, "x") == -1)
err(1, "unveil");
err(1, "unveil %s", shell);
if (unveil(pwd->pw_dir, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", pwd->pw_dir);
if ((p = strrchr(shell, '/')))
avshell = p+1;
@ -283,7 +283,7 @@ main(int argc, char **argv)
auth_err(as, 1, "%s", pwd->pw_dir);
} else {
if (unveil("/", "r") == -1)
err(1, "unveil");
err(1, "unveil /");
printf("No home directory %s!\n", pwd->pw_dir);
printf("Logging in with home = \"/\".\n");
if (chdir("/") == -1)


@ -1,4 +1,4 @@
/* $OpenBSD: main.c,v 1.75 2021/07/02 15:34:16 millert Exp $ */
/* $OpenBSD: main.c,v 1.76 2021/07/12 15:09:20 beck Exp $ */
/*
* Copyright (c) 2001, 2007 Can Erkin Acar
* Copyright (c) 2001 Daniel Hartmeier
@ -579,7 +579,7 @@ main(int argc, char *argv[])
setup_term(maxlines);
if (unveil("/", "r") == -1)
err(1, "unveil");
err(1, "unveil /");
if (unveil(NULL, NULL) == -1)
err(1, "unveil");


@ -1,4 +1,4 @@
/* $OpenBSD: tcpbench.c,v 1.64 2021/02/04 18:46:25 bluhm Exp $ */
/* $OpenBSD: tcpbench.c,v 1.65 2021/07/12 15:09:20 beck Exp $ */
/*
* Copyright (c) 2008 Damien Miller <djm@mindrot.org>
@ -1273,11 +1273,11 @@ main(int argc, char **argv)
if (ptb->kvars) {
if (unveil(_PATH_MEM, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_MEM);
if (unveil(_PATH_KMEM, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_KMEM);
if (unveil(_PATH_KSYMS, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_KSYMS);
if ((ptb->kvmh = kvm_openfiles(NULL, NULL, NULL,
O_RDONLY, kerr)) == NULL)
@ -1294,7 +1294,7 @@ main(int argc, char **argv)
if (ptb->Uflag)
if (unveil(host, "rwc") == -1)
err(1, "unveil");
err(1, "unveil %s", host);
if (pledge("stdio id dns inet unix", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: tty.c,v 1.11 2018/08/03 06:55:41 deraadt Exp $ */
/* $OpenBSD: tty.c,v 1.12 2021/07/12 15:09:20 beck Exp $ */
/* $NetBSD: tty.c,v 1.4 1994/12/07 00:46:57 jtc Exp $ */
/*
@ -58,7 +58,7 @@ main(int argc, char *argv[])
}
if (unveil(_PATH_DEVDB, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_DEVDB);
if (pledge("stdio rpath", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: users.c,v 1.14 2018/08/03 16:02:53 deraadt Exp $ */
/* $OpenBSD: users.c,v 1.15 2021/07/12 15:09:20 beck Exp $ */
/* $NetBSD: users.c,v 1.5 1994/12/20 15:58:19 jtc Exp $ */
/*
@ -54,7 +54,7 @@ main(int argc, char *argv[])
int ch;
if (unveil(_PATH_UTMP, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_UTMP);
if (pledge("stdio rpath", NULL) == -1)
err(1, "pledge");


@ -1,5 +1,5 @@
/* $NetBSD: vmstat.c,v 1.29.4.1 1996/06/05 00:21:05 cgd Exp $ */
/* $OpenBSD: vmstat.c,v 1.150 2019/11/28 16:27:26 guenther Exp $ */
/* $OpenBSD: vmstat.c,v 1.151 2021/07/12 15:09:20 beck Exp $ */
/*
* Copyright (c) 1980, 1986, 1991, 1993
@ -213,7 +213,7 @@ main(int argc, char *argv[])
}
if (unveil("/", "") == -1)
err(1, "unveil");
err(1, "unveil /");
if (unveil(NULL, NULL) == -1)
err(1, "unveil");


@ -1,4 +1,4 @@
/* $OpenBSD: wall.c,v 1.34 2019/01/28 20:17:51 deraadt Exp $ */
/* $OpenBSD: wall.c,v 1.35 2021/07/12 15:09:20 beck Exp $ */
/* $NetBSD: wall.c,v 1.6 1994/11/17 07:17:58 jtc Exp $ */
/*
@ -116,11 +116,11 @@ main(int argc, char **argv)
makemsg(*argv);
if (unveil(_PATH_UTMP, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_UTMP);
if (unveil(_PATH_DEV, "w") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_DEV);
if (unveil(_PATH_DEVDB, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_DEVDB);
if (pledge("stdio rpath wpath getpw proc", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: who.c,v 1.29 2020/08/27 15:20:31 semarie Exp $ */
/* $OpenBSD: who.c,v 1.30 2021/07/12 15:09:20 beck Exp $ */
/* $NetBSD: who.c,v 1.4 1994/12/07 04:28:49 jtc Exp $ */
/*
@ -113,7 +113,7 @@ main(int argc, char *argv[])
if (show_quick) {
only_current_term = show_term = show_idle = show_labels = 0;
}
if (show_term)
hostwidth -= 2;
if (show_idle)
@ -123,10 +123,10 @@ main(int argc, char *argv[])
output_labels();
if (unveil(_PATH_UTMP, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_UTMP);
if (show_term || show_idle) {
if (unveil(_PATH_DEV, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_DEV);
}
switch (argc) {
case 0: /* who */
@ -138,7 +138,7 @@ main(int argc, char *argv[])
who_am_i(ufp);
} else if (show_quick) {
int count = 0;
while (fread((char *)&usr, sizeof(usr), 1, ufp) == 1) {
if (*usr.ut_name && *usr.ut_line) {
(void)printf("%-*.*s ", NAME_WIDTH,
@ -159,7 +159,7 @@ main(int argc, char *argv[])
break;
case 1: /* who utmp_file */
if (unveil(*argv, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", *argv);
if (pledge("stdio rpath getpw", NULL) == -1)
err(1, "pledge");
ufp = file(*argv);


@ -1,4 +1,4 @@
/* $Id: chngproc.c,v 1.15 2019/08/12 18:01:44 benno Exp $ */
/* $Id: chngproc.c,v 1.16 2021/07/12 15:09:20 beck Exp $ */
/*
* Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -38,7 +38,7 @@ chngproc(int netsock, const char *root)
if (unveil(root, "wc") == -1) {
warn("unveil");
warn("unveil %s", root);
goto out;
}


@ -1,4 +1,4 @@
/* $Id: fileproc.c,v 1.17 2021/01/03 16:32:38 florian Exp $ */
/* $Id: fileproc.c,v 1.18 2021/07/12 15:09:20 beck Exp $ */
/*
* Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -100,7 +100,7 @@ fileproc(int certsock, const char *certdir, const char *certfile, const char
enum fileop op;
if (unveil(certdir, "rwc") == -1) {
warn("unveil");
warn("unveil %s", certdir);
goto out;
}


@ -1,4 +1,4 @@
/* $Id: netproc.c,v 1.29 2020/12/24 08:17:49 florian Exp $ */
/* $Id: netproc.c,v 1.30 2021/07/12 15:09:20 beck Exp $ */
/*
* Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
*
@ -688,7 +688,7 @@ netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int rfd,
memset(&c, 0, sizeof(struct conn));
if (unveil(tls_default_ca_cert_file(), "r") == -1) {
warn("unveil");
warn("unveil %s", tls_default_ca_cert_file());
goto out;
}
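Review bot: The new `warn("unveil %s", tls_default_ca_cert_file());` calls tls_default_ca_cert_file() a second time, so the message prints the result of a fresh call rather than the pointer that was actually handed to unveil(). Holding the value in a local, for example `const char *cafile = tls_default_ca_cert_file();`, and using it in both the unveil() call and the warn() keeps the reported path tied to the one that failed. The ntpd.c hunk has the same double call. netproc() starts and continues outside the hunk, so the local's name needs checking against the existing declarations.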


@ -1,4 +1,4 @@
/* $OpenBSD: acpidump.c,v 1.23 2019/05/11 19:17:56 lteo Exp $ */
/* $OpenBSD: acpidump.c,v 1.24 2021/07/12 15:09:20 beck Exp $ */
/*
* Copyright (c) 2000 Mitsuru IWASAKI <iwasaki@FreeBSD.org>
* All rights reserved.
@ -606,25 +606,25 @@ asl_dump_from_devmem(void)
/* Can only unveil if being dumped to a dir */
if (aml_dumpdir) {
if (unveil(aml_dumpfile, "wc") == -1)
err(1, "unveil");
err(1, "unveil %s", aml_dumpfile);
} else if (aml_dumpfile[0] == '/') { /* admittedly pretty shitty */
if (unveil("/", "wc") == -1)
err(1, "unveil");
err(1, "unveil /");
} else {
if (unveil(".", "wc") == -1)
err(1, "unveil");
err(1, "unveil .");
}
if (unveil(_PATH_MEM, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_MEM);
if (unveil(_PATH_KMEM, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_KMEM);
if (unveil(_PATH_KVMDB, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_KVMDB);
if (unveil(_PATH_KSYMS, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_KSYMS);
if (unveil(_PATH_UNIX, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_UNIX);
if (pledge("stdio rpath wpath cpath", NULL) == -1)
err(1, "pledge");
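Review bot: The two fallback branches in asl_dump_from_devmem() grant "wc" on all of `/` or on `.`, and nothing on the `else if` line explains why the grant has to be that wide. A comment stating the reason would let a later reader judge whether it can be narrowed, for example `/* aml_dumpfile is only a prefix here, so write/create is granted on the whole tree it lives in */`. That wording assumes the output names are derived from the prefix later, which is not visible in this hunk and should be confirmed. The function starts and continues outside the hunk.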


@ -1,4 +1,4 @@
/* $OpenBSD: apmd.c,v 1.105 2021/04/18 23:51:47 jca Exp $ */
/* $OpenBSD: apmd.c,v 1.106 2021/07/12 15:09:20 beck Exp $ */
/*
* Copyright (c) 1995, 1996 John T. Kohl
@ -504,7 +504,7 @@ main(int argc, char *argv[])
exit(0);
if (unveil(_PATH_APM_ETC_DIR, "rx") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_APM_ETC_DIR);
if (unveil(NULL, NULL) == -1)
err(1, "unveil");
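Review bot: The `unveil(NULL, NULL)` call at the end of this hunk still reports a bare `unveil`, so after this change the lock step is told apart from a path failure only by the absence of a path in the message. Naming it explicitly, for example `err(1, "unveil lock");`, would make the two cases unambiguous in logs. The same applies to the lock calls in the iostat.c, ldapd.c, pcidump.c, relayd.c, tcpdrop.c, traceroute.c and usbdevs.c hunks, and to `fatal("unveil")` in pfutils.c. main() starts and continues outside the hunk.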


@ -1,4 +1,4 @@
/* $OpenBSD: dev_mkdb.c,v 1.17 2018/10/18 14:37:01 deraadt Exp $ */
/* $OpenBSD: dev_mkdb.c,v 1.18 2021/07/12 15:09:20 beck Exp $ */
/*-
* Copyright (c) 1990, 1993
@ -65,11 +65,11 @@ main(int argc, char *argv[])
(void)snprintf(dbname, sizeof(dbname), "%sdev.db", _PATH_VARRUN);
if (unveil(_PATH_DEV, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_DEV);
if (unveil(dbtmp, "rwc") == -1)
err(1, "unveil");
err(1, "unveil %s", dbtmp);
if (unveil(dbname, "wc") == -1)
err(1, "unveil");
err(1, "unveil %s", dbname);
if (pledge("stdio rpath wpath cpath flock", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: pfutils.c,v 1.21 2019/08/08 06:59:44 mestre Exp $ */
/* $OpenBSD: pfutils.c,v 1.22 2021/07/12 15:09:20 beck Exp $ */
/*
* Copyright (c) 2006 Chris Kuethe <ckuethe@openbsd.org>
*
@ -62,7 +62,7 @@ pftable_handler()
/* no filesystem visibility */
if (unveil("/", "") == -1)
fatal("unveil");
fatal("unveil /");
if (unveil(NULL, NULL) == -1)
fatal("unveil");


@ -1,4 +1,4 @@
/* $OpenBSD: hotplugd.c,v 1.16 2020/10/15 19:45:50 naddy Exp $ */
/* $OpenBSD: hotplugd.c,v 1.17 2021/07/12 15:09:21 beck Exp $ */
/*
* Copyright (c) 2004 Alexander Yurchenko <grange@openbsd.org>
*
@ -77,13 +77,13 @@ main(int argc, char *argv[])
argv += optind;
if (argc > 0)
usage();
if (unveil(device, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", device);
if (unveil(_PATH_ETC_HOTPLUG_ATTACH, "rx") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_ETC_HOTPLUG_ATTACH);
if (unveil(_PATH_ETC_HOTPLUG_DETACH, "rx") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_ETC_HOTPLUG_DETACH);
if (pledge("stdio rpath proc exec", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: ifstated.c,v 1.65 2020/12/30 18:40:44 benno Exp $ */
/* $OpenBSD: ifstated.c,v 1.66 2021/07/12 15:09:21 beck Exp $ */
/*
* Copyright (c) 2004 Marco Pfatschbacher <mpf@openbsd.org>
@ -162,9 +162,9 @@ main(int argc, char *argv[])
log_warn("%s: setsockopt tablefilter", __func__);
if (unveil(configfile, "r") == -1)
fatal("unveil");
fatal("unveil %s", configfile);
if (unveil(_PATH_BSHELL, "x") == -1)
fatal("unveil");
fatal("unveil %s", _PATH_BSHELL);
if (pledge("stdio rpath route proc exec", NULL) == -1)
fatal("pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: iostat.c,v 1.43 2020/08/21 01:10:07 kn Exp $ */
/* $OpenBSD: iostat.c,v 1.44 2021/07/12 15:09:21 beck Exp $ */
/* $NetBSD: iostat.c,v 1.10 1996/10/25 18:21:58 scottr Exp $ */
/*
@ -163,7 +163,7 @@ main(int argc, char *argv[])
dkinit(0);
if (unveil("/", "") == -1)
err(1, "unveil");
err(1, "unveil /");
if (unveil(NULL, NULL) == -1)
err(1, "unveil");


@ -1,4 +1,4 @@
/* $OpenBSD: kvm_mkdb.c,v 1.31 2019/06/28 13:32:48 deraadt Exp $ */
/* $OpenBSD: kvm_mkdb.c,v 1.32 2021/07/12 15:09:21 beck Exp $ */
/*-
* Copyright (c) 1990, 1993
@ -117,15 +117,15 @@ main(int argc, char *argv[])
if (argc > 0) {
if (unveil(argv[0], "r") == -1)
err(1, "unveil");
err(1, "unveil %s", argv[0]);
} else {
if (unveil(_PATH_UNIX, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_UNIX);
if (unveil(_PATH_KSYMS, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_KSYMS);
}
if (unveil(dbdir, "rwc") == -1)
err(1, "unveil");
err(1, "unveil %s", dbdir);
if (pledge("stdio rpath wpath cpath fattr flock", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: ldapd.c,v 1.27 2021/01/27 22:12:28 rob Exp $ */
/* $OpenBSD: ldapd.c,v 1.28 2021/07/12 15:09:21 beck Exp $ */
/*
* Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se>
@ -237,15 +237,15 @@ main(int argc, char *argv[])
ldapd_needfd);
if (unveil(_PATH_NOLOGIN, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_NOLOGIN);
if (unveil(_PATH_LOGIN_CONF, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_LOGIN_CONF);
if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
err(1, "unveil");
err(1, "unveil %s.db", _PATH_LOGIN_CONF);
if (unveil(_PATH_AUTHPROGDIR, "x") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_AUTHPROGDIR);
if (unveil(datadir, "rw") == -1)
err(1, "unveil");
err(1, "unveil %s", datadir);
if (unveil(NULL, NULL) == -1)
err(1, "unveil");
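Review bot: The message for the login.conf database is assembled differently from the path given to unveil(): the call passes `_PATH_LOGIN_CONF ".db"`, while the new line formats `"unveil %s.db"` with `_PATH_LOGIN_CONF`. The output is the same today, but reusing the same expression, `err(1, "unveil %s", _PATH_LOGIN_CONF ".db");`, keeps the message and the argument from drifting apart and matches the other lines of the hunk. main() starts and continues outside the hunk.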


@ -1,4 +1,4 @@
/* $OpenBSD: cd9660.c,v 1.21 2018/11/20 01:13:14 yasuoka Exp $ */
/* $OpenBSD: cd9660.c,v 1.22 2021/07/12 15:09:21 beck Exp $ */
/* $NetBSD: cd9660.c,v 1.53 2016/11/25 23:02:44 christos Exp $ */
/*
@ -1975,7 +1975,7 @@ cd9660_add_generic_bootimage(iso9660_disk *diskStructure, const char *bootimage)
diskStructure->generic_bootimage = estrdup(bootimage);
if (unveil(diskStructure->generic_bootimage, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", diskStructure->generic_bootimage);
/* Get information about the file */
if (lstat(diskStructure->generic_bootimage, &stbuf) == -1)
err(1, "%s: lstat(\"%s\")", __func__,
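Review bot: The new `err(1, "unveil %s", diskStructure->generic_bootimage);` omits the function name, while the lstat() failure just below it in the same helper reports `"%s: lstat(\"%s\")"` with `__func__`. If consistency within the file is preferred over the tree-wide pattern, `err(1, "%s: unveil %s", __func__, diskStructure->generic_bootimage);` would match the surrounding style and show which helper issued the call. The cd9660_eltorito.c hunk has the same mismatch in cd9660_add_boot_disk(). The function starts and continues outside the hunk.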


@ -1,4 +1,4 @@
/* $OpenBSD: cd9660_eltorito.c,v 1.14 2018/11/20 01:13:15 yasuoka Exp $ */
/* $OpenBSD: cd9660_eltorito.c,v 1.15 2021/07/12 15:09:21 beck Exp $ */
/* $NetBSD: cd9660_eltorito.c,v 1.20 2013/01/28 21:03:28 christos Exp $ */
/*
@ -120,7 +120,7 @@ cd9660_add_boot_disk(iso9660_disk *diskStructure, const char *boot_info)
free(temp);
if (unveil(new_image->filename, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", new_image->filename);
/* Get information about the file */
if (lstat(new_image->filename, &stbuf) == -1)
err(1, "%s: lstat(\"%s\")", __func__, new_image->filename);


@ -1,4 +1,4 @@
/* $OpenBSD: makefs.c,v 1.20 2018/09/24 22:55:50 deraadt Exp $ */
/* $OpenBSD: makefs.c,v 1.21 2021/07/12 15:09:21 beck Exp $ */
/* $NetBSD: makefs.c,v 1.53 2015/11/27 15:10:32 joerg Exp $ */
/*
@ -199,9 +199,9 @@ main(int argc, char *argv[])
usage();
if (unveil(argv[0], "rwc") == -1)
err(1, "unveil");
err(1, "unveil %s", argv[0]);
if (unveil(argv[1], "rw") == -1)
err(1, "unveil");
err(1, "unveil %s", argv[1]);
if (pledge("stdio rpath wpath cpath", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: ntpd.c,v 1.129 2020/02/12 19:14:56 otto Exp $ */
/* $OpenBSD: ntpd.c,v 1.130 2021/07/12 15:09:21 beck Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -284,9 +284,9 @@ main(int argc, char *argv[])
* then privdrop into chroot before speaking to the outside world.
*/
if (unveil(tls_default_ca_cert_file(), "r") == -1)
err(1, "unveil");
err(1, "unveil %s", tls_default_ca_cert_file());
if (unveil("/usr/sbin/ntpd", "x") == -1)
err(1, "unveil");
err(1, "unveil /usr/sbin/ntpd");
if (pledge("stdio rpath inet settime proc exec id", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: ocspcheck.c,v 1.29 2021/02/09 16:55:51 claudio Exp $ */
/* $OpenBSD: ocspcheck.c,v 1.30 2021/07/12 15:09:21 beck Exp $ */
/*
* Copyright (c) 2017,2020 Bob Beck <beck@openbsd.org>
@ -617,14 +617,14 @@ main(int argc, char **argv)
if (cafile != NULL) {
if (unveil(cafile, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", cafile);
}
if (cadir != NULL) {
if (unveil(cadir, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", cadir);
}
if (unveil(certfile, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", certfile);
if (pledge("stdio inet rpath dns", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: pcidump.c,v 1.64 2021/05/30 02:24:43 jsg Exp $ */
/* $OpenBSD: pcidump.c,v 1.65 2021/07/12 15:09:21 beck Exp $ */
/*
* Copyright (c) 2006, 2007 David Gwynne <loki@animata.net>
@ -191,7 +191,7 @@ main(int argc, char *argv[])
}
if (unveil("/dev", "r") == -1)
err(1, "unveil");
err(1, "unveil /dev");
if (unveil(NULL, NULL) == -1)
err(1, "unveil");


@ -1,4 +1,4 @@
/* $OpenBSD: pstat.c,v 1.123 2020/09/28 15:53:13 tb Exp $ */
/* $OpenBSD: pstat.c,v 1.124 2021/07/12 15:09:21 beck Exp $ */
/* $NetBSD: pstat.c,v 1.27 1996/10/23 22:50:06 cgd Exp $ */
/*-
@ -230,7 +230,7 @@ main(int argc, char *argv[])
}
if (unveil(_PATH_DEVDB, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_DEVDB);
if (pledge("stdio rpath vminfo", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: relayd.c,v 1.186 2021/01/27 07:21:54 deraadt Exp $ */
/* $OpenBSD: relayd.c,v 1.187 2021/07/12 15:09:21 beck Exp $ */
/*
* Copyright (c) 2007 - 2016 Reyk Floeter <reyk@openbsd.org>
@ -225,7 +225,7 @@ main(int argc, char *argv[])
log_info("startup");
if (unveil("/", "rx") == -1)
err(1, "unveil");
err(1, "unveil /");
if (unveil(NULL, NULL) == -1)
err(1, "unveil");
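Review bot: The unveil failures here are reported with err(), which writes to stderr, although the line just before them uses `log_info("startup")`. If main() has already detached from the terminal at this point (not visible in the hunk), the new `unveil /` text would not reach the log. Assuming relayd's logging code provides fatal() as the ifstated.c hunk's does, `fatal("unveil /");` would put the path where the operator will look. main() starts and continues outside the hunk.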


@ -1,4 +1,4 @@
/* $OpenBSD: sensorsd.c,v 1.67 2020/07/22 15:33:49 bluhm Exp $ */
/* $OpenBSD: sensorsd.c,v 1.68 2021/07/12 15:09:21 beck Exp $ */
/*
* Copyright (c) 2003 Henning Brauer <henning@openbsd.org>
@ -147,11 +147,11 @@ main(int argc, char *argv[])
chdir("/");
if (unveil(configfile, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", configfile);
if (unveil(configdb, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", configdb);
if (unveil("/", "x") == -1)
err(1, "unveil");
err(1, "unveil /");
if (pledge("stdio rpath proc exec", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: privsep.c,v 1.72 2020/09/16 11:03:36 martijn Exp $ */
/* $OpenBSD: privsep.c,v 1.73 2021/07/12 15:09:21 beck Exp $ */
/*
* Copyright (c) 2003 Anil Madhavapeddy <anil@recoil.org>
@ -185,24 +185,24 @@ priv_exec(char *conf, int numeric, int child, int argc, char *argv[])
errx(1, "unknown user _syslogd");
if (unveil(conf, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", conf);
if (unveil(_PATH_UTMP, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_UTMP);
if (unveil(_PATH_DEV, "rw") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_DEV);
if (unveil(_PATH_LOGPID, "c") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_LOGPID);
/* for pipes */
if (unveil(_PATH_BSHELL, "x") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_BSHELL);
/* For HUP / re-exec */
if (unveil("/usr/sbin/syslogd", "x") == -1)
err(1, "unveil");
err(1, "unveil /usr/sbin/syslogd");
if (argv[0][0] == '/')
if (unveil(argv[0], "x") == -1)
err(1, "unveil");
err(1, "unveil %s", argv[0]);
if (pledge("stdio unveil rpath wpath cpath dns sendfd id proc exec",
NULL) == -1)


@ -1,4 +1,4 @@
/* $OpenBSD: tcpdrop.c,v 1.19 2019/11/27 17:49:09 deraadt Exp $ */
/* $OpenBSD: tcpdrop.c,v 1.20 2021/07/12 15:09:21 beck Exp $ */
/*
* Copyright (c) 2004 Markus Friedl <markus@openbsd.org>
@ -65,9 +65,9 @@ main(int argc, char **argv)
int gaierr, rval = 0;
if (unveil(_PATH_HOSTS, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_HOSTS);
if (unveil(_PATH_RESCONF, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_RESCONF);
if (unveil(NULL, NULL) == -1)
err(1, "unveil");


@ -1,4 +1,4 @@
/* $OpenBSD: privsep.c,v 1.55 2020/12/04 11:36:13 mvs Exp $ */
/* $OpenBSD: privsep.c,v 1.56 2021/07/12 15:09:21 beck Exp $ */
/*
* Copyright (c) 2003 Can Erkin Acar
@ -316,9 +316,9 @@ priv_exec(int argc, char *argv[])
drop_privs(1);
if (unveil("/etc/ethers", "r") == -1)
err(1, "unveil");
err(1, "unveil /etc/ethers");
if (unveil("/etc/rpc", "r") == -1)
err(1, "unveil");
err(1, "unveil /etc/rpc");
if (pledge("stdio rpath dns bpf", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: traceroute.c,v 1.163 2020/02/11 18:41:39 deraadt Exp $ */
/* $OpenBSD: traceroute.c,v 1.164 2021/07/12 15:09:21 beck Exp $ */
/* $NetBSD: traceroute.c,v 1.10 1995/05/21 15:50:45 mycroft Exp $ */
/*
@ -329,7 +329,7 @@ main(int argc, char *argv[])
/* Cannot pledge due to special setsockopt()s below */
if (unveil("/", "r") == -1)
err(1, "unveil");
err(1, "unveil /");
if (unveil(NULL, NULL) == -1)
err(1, "unveil");


@ -2418,17 +2418,17 @@ int main(int argc, char* argv[])
exit(0);
}
if (unveil(root_anchor_temppath, "rwc") == -1)
err(1, "unveil");
err(1, "unveil %s", root_anchor_temppath);
free(root_anchor_temppath);
free(s);
if (unveil(root_cert_file, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", root_cert_file);
if (res_conf != NULL && unveil(res_conf, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", res_conf);
if (root_hints != NULL && unveil(root_hints, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", root_hints);
if (debugconf != NULL && unveil(debugconf, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", debugconf);
if (pledge("stdio rpath wpath cpath inet dns", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: usbdevs.c,v 1.33 2019/12/22 14:02:38 semarie Exp $ */
/* $OpenBSD: usbdevs.c,v 1.34 2021/07/12 15:09:22 beck Exp $ */
/* $NetBSD: usbdevs.c,v 1.19 2002/02/21 00:34:31 christos Exp $ */
/*
@ -263,7 +263,7 @@ main(int argc, char **argv)
usage();
if (unveil("/dev", "r") == -1)
err(1, "unveil");
err(1, "unveil /dev");
if (unveil(NULL, NULL) == -1)
err(1, "unveil");


@ -1,4 +1,4 @@
/* $OpenBSD: vipw.c,v 1.24 2019/06/28 13:32:51 deraadt Exp $ */
/* $OpenBSD: vipw.c,v 1.25 2021/07/12 15:09:22 beck Exp $ */
/*
* Copyright (c) 1987, 1993, 1994
@ -64,13 +64,13 @@ main(int argc, char *argv[])
usage();
if (unveil(_PATH_MASTERPASSWD_LOCK, "rwc") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_MASTERPASSWD_LOCK);
if (unveil(_PATH_MASTERPASSWD, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_MASTERPASSWD);
if (unveil(_PATH_BSHELL, "x") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_BSHELL);
if (unveil(_PATH_PWD_MKDB, "x") == -1)
err(1, "unveil");
err(1, "unveil %s", _PATH_PWD_MKDB);
if (pledge("stdio rpath wpath cpath fattr proc exec", NULL) == -1)
err(1, "pledge");


@ -1,4 +1,4 @@
/* $OpenBSD: main.c,v 1.67 2021/06/28 14:01:38 tb Exp $ */
/* $OpenBSD: main.c,v 1.68 2021/07/12 15:09:22 beck Exp $ */
/*
* Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@ -197,7 +197,7 @@ vmmaction(struct parse_result *res)
if (ctl_sock == -1) {
if (unveil(SOCKET_NAME, "r") == -1)
err(1, "unveil");
err(1, "unveil %s", SOCKET_NAME);
if ((ctl_sock = socket(AF_UNIX,
SOCK_STREAM|SOCK_CLOEXEC, 0)) == -1)
err(1, "socket");
@ -1023,7 +1023,7 @@ ctl_openconsole(const char *name)
{
closefrom(STDERR_FILENO + 1);
if (unveil(VMCTL_CU, "x") == -1)
err(1, "unveil");
err(1, "unveil %s", VMCTL_CU);
execl(VMCTL_CU, VMCTL_CU, "-r", "-l", name, "-s", "115200",
(char *)NULL);
err(1, "failed to open the console");