authormestre <mestre@openbsd.org>2018-10-25 06:41:38 +0000
committermestre <mestre@openbsd.org>2018-10-25 06:41:38 +0000
commit4cab6f0023b1c83bafd2977511bd0c737afe69cc (patch)
tree900e50789891f0ee377062f0352e49b7a013bd67
parentImplement the \f(CW and \f(CR (constant width font) escape sequences (diff)
unveil(2) the following files for passwd(1) with their corresponding
permissions:

_PATH_MASTERPASSWD_LOCK - write/create permissions
_PATH_MASTERPASSWD - read permission
_PATH_BSHELL - execute permission (required since we might need to spawn an external passwordcheck program if defined in /etc/login.conf)
_PATH_PWD_MKDB - execute permission

OK millert@ deraadt@
-rw-r--r--usr.bin/passwd/local_passwd.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/usr.bin/passwd/local_passwd.c b/usr.bin/passwd/local_passwd.c
index e661c8ea498..464b720f776 100644
--- a/usr.bin/passwd/local_passwd.c
+++ b/usr.bin/passwd/local_passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: local_passwd.c,v 1.53 2016/12/30 23:32:14 millert Exp $ */
+/* $OpenBSD: local_passwd.c,v 1.54 2018/10/25 06:41:38 mestre Exp $ */
/*-
* Copyright (c) 1990 The Regents of the University of California.
@@ -36,6 +36,7 @@
#include <err.h>
#include <errno.h>
#include <fcntl.h>
+#include <paths.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
@@ -71,6 +72,14 @@ local_passwd(char *uname, int authenticated)
return(1);
}
+ if (unveil(_PATH_MASTERPASSWD_LOCK, "wc") == -1)
+ err(1, "unveil");
+ if (unveil(_PATH_MASTERPASSWD, "r") == -1)
+ err(1, "unveil");
+ if (unveil(_PATH_BSHELL, "x") == -1)
+ err(1, "unveil");
+ if (unveil(_PATH_PWD_MKDB, "x") == -1)
+ err(1, "unveil");
if (pledge("stdio rpath wpath cpath getpw tty id proc exec", NULL) == -1)
err(1, "pledge");
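Review bot: All four added `err(1, "unveil")` calls print the same message, so a failure does not say which path could not be unveiled; naming the path, e.g. `err(1, "unveil %s", _PATH_MASTERPASSWD_LOCK)` and likewise for the other three, makes a misconfigured or missing file diagnosable. The reason `_PATH_BSHELL` needs "x" is recorded only in the commit message; a short comment above that call, such as `/* login.conf passwordcheck may be spawned through the shell */`, would keep the entry from being dropped in a later cleanup. The pledge that follows carries no "unveil" promise, which should prevent any later unveil calls, so an explicit `unveil(NULL, NULL)` looks unnecessary here, but that is worth confirming against unveil(2). The body of local_passwd starts and continues outside this hunk.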