opendoas

my fork of doas with custom prompt
git clone git://git.kocotian.pl/opendoas.git
Log | Files | Refs | README | LICENSE

commit 96d78078f6fcddc07b57aa8edabf305e4c12ed68
parent 3916903608b12ae310588c51466c46971977acb6
Author: semarie <semarie>
Date:   Sat, 14 Sep 2019 17:47:00 +0000

correct some unveil(2) violations due to "login.conf.db" access (the .db version of "login.conf"), and stat(2) on _PATH_MASTERPASSWD_LOCK (via pw_mkdb(3)).

problem initially noted by myself for passwd(1)
millert@ reported similar problem on chpass(1), su(1), doas(1) and encrypt(1)
mestre@ noted chpass(1) too

ok mestre@ millert@

Diffstat:
Mdoas.c | 3++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doas.c b/doas.c @@ -458,7 +458,8 @@ main(int argc, char **argv) formerpath = ""; # ifdef __OpenBSD__ - if (unveil(_PATH_LOGIN_CONF, "r") == -1) + if (unveil(_PATH_LOGIN_CONF, "r") == -1 || + unveil(_PATH_LOGIN_CONF ".db", "r") == -1) err(1, "unveil"); # endif if (rule->cmd) {