From 96d78078f6fcddc07b57aa8edabf305e4c12ed68 Mon Sep 17 00:00:00 2001
From: semarie <semarie>
Date: Sat, 14 Sep 2019 17:47:00 +0000
Subject: [PATCH] correct some unveil(2) violations due to "login.conf.db"
 access (the .db version of "login.conf"), and stat(2) on
 _PATH_MASTERPASSWD_LOCK (via pw_mkdb(3)).

problem initially noted by myself for passwd(1)
millert@ reported similar problem on chpass(1), su(1), doas(1) and encrypt(1)
mestre@ noted chpass(1) too

ok mestre@ millert@
---
 doas.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doas.c b/doas.c
index bc03abd..71f955a 100644
--- a/doas.c
+++ b/doas.c
@@ -458,7 +458,8 @@ main(int argc, char **argv)
 		formerpath = "";
 
 # ifdef __OpenBSD__
-	if (unveil(_PATH_LOGIN_CONF, "r") == -1)
+	if (unveil(_PATH_LOGIN_CONF, "r") == -1 ||
+	    unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
 		err(1, "unveil");
 # endif
 	if (rule->cmd) {
-- 
2.39.2