summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRicardo Mestre <mestre@cvs.openbsd.org>2019-08-08 16:50:53 +0000
committerRicardo Mestre <mestre@cvs.openbsd.org>2019-08-08 16:50:53 +0000
commit27b028eebd6b32f3c76ab2feb861b807f08fd913 (patch)
tree4cc1dd23d94961618d0aa8b53b51a2e255d7bdd2
parent93dbd292c662f3cd13053ba1e732f3817c2bc2dc (diff)
added /* no filesystem visibility */ above unveil("/", "") since "" is too easy
to misread. as per suggestion by and OK deraadt@
-rw-r--r--sbin/ifconfig/ifconfig.c3
-rw-r--r--usr.bin/nc/netcat.c3
-rw-r--r--usr.sbin/ripd/ripd.c3
-rw-r--r--usr.sbin/snmpd/snmpe.c3
4 files changed, 8 insertions, 4 deletions
diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c
index e3879e9fcc2..63edd59e82a 100644
--- a/sbin/ifconfig/ifconfig.c
+++ b/sbin/ifconfig/ifconfig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ifconfig.c,v 1.408 2019/07/25 15:23:38 krw Exp $ */
+/* $OpenBSD: ifconfig.c,v 1.409 2019/08/08 16:48:48 mestre Exp $ */
/* $NetBSD: ifconfig.c,v 1.40 1997/10/01 02:19:43 enami Exp $ */
/*
@@ -723,6 +723,7 @@ main(int argc, char *argv[])
/* If no args at all, print all interfaces. */
if (argc < 2) {
+ /* no filesystem visibility */
if (unveil("/", "") == -1)
err(1, "unveil");
if (unveil(NULL, NULL) == -1)
diff --git a/usr.bin/nc/netcat.c b/usr.bin/nc/netcat.c
index c2e769c4c05..c04298f64c3 100644
--- a/usr.bin/nc/netcat.c
+++ b/usr.bin/nc/netcat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: netcat.c,v 1.205 2019/06/28 13:35:02 deraadt Exp $ */
+/* $OpenBSD: netcat.c,v 1.206 2019/08/08 16:49:35 mestre Exp $ */
/*
* Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
* Copyright (c) 2015 Bob Beck. All rights reserved.
@@ -383,6 +383,7 @@ main(int argc, char *argv[])
err(1, "unveil");
}
} else {
+ /* no filesystem visibility */
if (unveil("/", "") == -1)
err(1, "unveil");
}
diff --git a/usr.sbin/ripd/ripd.c b/usr.sbin/ripd/ripd.c
index dd5a11cc802..7a34e5989fa 100644
--- a/usr.sbin/ripd/ripd.c
+++ b/usr.sbin/ripd/ripd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ripd.c,v 1.32 2018/12/31 20:34:16 remi Exp $ */
+/* $OpenBSD: ripd.c,v 1.33 2019/08/08 16:50:15 mestre Exp $ */
/*
* Copyright (c) 2006 Michele Marchetto <mydecay@openbeer.it>
@@ -211,6 +211,7 @@ main(int argc, char *argv[])
rde_pid = rde(conf, pipe_parent2rde, pipe_ripe2rde, pipe_parent2ripe);
ripe_pid = ripe(conf, pipe_parent2ripe, pipe_ripe2rde, pipe_parent2rde);
+ /* no filesystem visibility */
if (unveil("/", "") == -1)
fatal("unveil");
if (unveil(NULL, NULL) == -1)
diff --git a/usr.sbin/snmpd/snmpe.c b/usr.sbin/snmpd/snmpe.c
index 8bb063667c1..7d345ec4e0b 100644
--- a/usr.sbin/snmpd/snmpe.c
+++ b/usr.sbin/snmpd/snmpe.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: snmpe.c,v 1.58 2019/05/13 07:24:50 martijn Exp $ */
+/* $OpenBSD: snmpe.c,v 1.59 2019/08/08 16:50:52 mestre Exp $ */
/*
* Copyright (c) 2007, 2008, 2012 Reyk Floeter <reyk@openbsd.org>
@@ -120,6 +120,7 @@ snmpe_init(struct privsep *ps, struct privsep_proc *p, void *arg)
event_add(&so->s_ev, NULL);
}
+ /* no filesystem visibility */
if (unveil("/", "") == -1)
fatal("unveil");
if (unveil(NULL, NULL) == -1)