From: semarie <semarie>
Date: Sat, 14 Sep 2019 17:47:00 +0000 (+0000)
Subject: correct some unveil(2) violations due to "login.conf.db" access (the .db version... 
X-Git-Tag: v6.6~5
X-Git-Url: https://git.armaanb.net/?p=opendoas.git;a=commitdiff_plain;h=96d78078f6fcddc07b57aa8edabf305e4c12ed68

correct some unveil(2) violations due to "login.conf.db" access (the .db version of "login.conf"), and stat(2) on _PATH_MASTERPASSWD_LOCK (via pw_mkdb(3)).

problem initially noted by myself for passwd(1)
millert@ reported similar problem on chpass(1), su(1), doas(1) and encrypt(1)
mestre@ noted chpass(1) too

ok mestre@ millert@
---

diff --git a/doas.c b/doas.c
index bc03abd..71f955a 100644
--- a/doas.c
+++ b/doas.c
@@ -458,7 +458,8 @@ main(int argc, char **argv)
 		formerpath = "";
 
 # ifdef __OpenBSD__
-	if (unveil(_PATH_LOGIN_CONF, "r") == -1)
+	if (unveil(_PATH_LOGIN_CONF, "r") == -1 ||
+	    unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
 		err(1, "unveil");
 # endif
 	if (rule->cmd) {