correct some unveil(2) violations due to "login.conf.db" access (the .db version of "login.conf"), and stat(2) on _PATH_MASTERPASSWD_LOCK (via pw_mkdb(3)). - opendoas

commit 96d78078f6fcddc07b57aa8edabf305e4c12ed68
parent 3916903608b12ae310588c51466c46971977acb6
Author: semarie <semarie>
Date:   Sat, 14 Sep 2019 17:47:00 +0000

correct some unveil(2) violations due to "login.conf.db" access (the .db version of "login.conf"), and stat(2) on _PATH_MASTERPASSWD_LOCK (via pw_mkdb(3)).

problem initially noted by myself for passwd(1)
millert@ reported similar problem on chpass(1), su(1), doas(1) and encrypt(1)
mestre@ noted chpass(1) too

ok mestre@ millert@

Diffstat:
M doas.c  | 3 ++-

1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/doas.c b/doas.c
@@ -458,7 +458,8 @@ main(int argc, char **argv)
 		formerpath = "";
 
 # ifdef __OpenBSD__
-	if (unveil(_PATH_LOGIN_CONF, "r") == -1)
+	if (unveil(_PATH_LOGIN_CONF, "r") == -1 ||
+	    unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
 		err(1, "unveil");
 # endif
 	if (rule->cmd) {

	opendoas my fork of doas with custom prompt
	git clone git://git.kocotian.pl/opendoas.git
	Log \| Files \| Refs \| README \| LICENSE