]> git.armaanb.net Git - opendoas.git/commitdiff
projects / opendoas.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3916903)
correct some unveil(2) violations due to "login.conf.db" access (the .db version...
authorsemarie <semarie>
Sat, 14 Sep 2019 17:47:00 +0000 (17:47 +0000)
committerDuncan Overbruck <mail@duncano.de>
Sat, 19 Oct 2019 13:03:04 +0000 (15:03 +0200)
problem initially noted by myself for passwd(1)
millert@ reported similar problem on chpass(1), su(1), doas(1) and encrypt(1)
mestre@ noted chpass(1) too

ok mestre@ millert@

doas.c patch | blob | history

diff --git a/doas.c b/doas.c
index bc03abda2a33bc50b2d6fc663d4552bc962ad84a..71f955a76afc65b7a328ff9b2963f6b8537eaf2f 100644 (file)
--- a/doas.c
+++ b/doas.c
@@ -458,7 +458,8 @@ main(int argc, char **argv)
                formerpath = "";
 
 # ifdef __OpenBSD__
-       if (unveil(_PATH_LOGIN_CONF, "r") == -1)
+       if (unveil(_PATH_LOGIN_CONF, "r") == -1 ||
+           unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
                err(1, "unveil");
 # endif
        if (rule->cmd) {
Fork of OpenDoas that insults you