diff options
| author | Bob Beck <beck@cvs.openbsd.org> | 2021-07-12 15:09:23 +0000 |
|---|---|---|
| committer | Bob Beck <beck@cvs.openbsd.org> | 2021-07-12 15:09:23 +0000 |
| commit | 73e82762d46ada77045a4c76185bdd75e2e712c3 (patch) | |
| tree | 1e6fb3124598f66f9f86720c24b0174176b345c2 | |
| parent | e8f12d212e4dfa88699628d0df2a4e442a348350 (diff) | |
Change the error reporting pattern throughout the tree when unveil
fails to report the path that the failure occured on. Suggested by
deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
80 files changed, 284 insertions, 282 deletions
diff --git a/bin/ps/ps.c b/bin/ps/ps.c index 84be7afe802..9ba02d19c70 100644 --- a/bin/ps/ps.c +++ b/bin/ps/ps.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ps.c,v 1.76 2019/12/16 19:21:16 guenther Exp $ */ +/* $OpenBSD: ps.c,v 1.77 2021/07/12 15:09:18 beck Exp $ */ /* $NetBSD: ps.c,v 1.15 1995/05/18 20:33:25 mycroft Exp $ */ /*- @@ -276,18 +276,18 @@ main(int argc, char *argv[]) errx(1, "%s", errbuf); if (unveil(_PATH_DEVDB, "r") == -1 && errno != ENOENT) - err(1, "unveil"); + err(1, "unveil %s", _PATH_DEVDB); if (unveil(_PATH_DEV, "r") == -1 && errno != ENOENT) - err(1, "unveil"); + err(1, "unveil %s", _PATH_DEV); if (swapf) if (unveil(swapf, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", swapf); if (nlistf) if (unveil(nlistf, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", nlistf); if (memf) if (unveil(memf, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", memf); if (pledge("stdio rpath getpw ps", NULL) == -1) err(1, "pledge"); diff --git a/games/tetris/tetris.c b/games/tetris/tetris.c index 69f4532a4ac..59b61734e90 100644 --- a/games/tetris/tetris.c +++ b/games/tetris/tetris.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tetris.c,v 1.34 2019/05/18 19:38:25 rob Exp $ */ +/* $OpenBSD: tetris.c,v 1.35 2021/07/12 15:09:18 beck Exp $ */ /* $NetBSD: tetris.c,v 1.2 1995/04/22 07:42:47 cgd Exp $ */ /*- @@ -234,7 +234,7 @@ main(int argc, char *argv[]) scr_init(); if (unveil(scorepath, "rwc") == -1) - err(1, "unveil"); + err(1, "unveil %s", scorepath); if (pledge("stdio rpath wpath cpath tty", NULL) == -1) err(1, "pledge"); diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c index 3a90d34d94a..45007ac89dc 100644 --- a/libexec/comsat/comsat.c +++ b/libexec/comsat/comsat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: comsat.c,v 1.49 2018/09/24 22:56:54 deraadt Exp $ */ +/* $OpenBSD: comsat.c,v 1.50 2021/07/12 15:09:18 beck Exp $ */ /* * Copyright (c) 1980, 1993 @@ -92,13 +92,13 @@ main(int argc, char *argv[]) } if (unveil(_PATH_MAILDIR, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_MAILDIR); if (unveil(_PATH_UTMP, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_UTMP); if (unveil("/tmp", "w") == -1) - err(1, "unveil"); + err(1, "unveil /tmp"); if (unveil(_PATH_DEV, "rw") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_DEV); if (pledge("stdio rpath wpath proc tty", NULL) == -1) err(1, "pledge"); diff --git a/libexec/fingerd/fingerd.c b/libexec/fingerd/fingerd.c index f1de0bef5e0..e808e8f3188 100644 --- a/libexec/fingerd/fingerd.c +++ b/libexec/fingerd/fingerd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fingerd.c,v 1.41 2019/06/28 13:32:53 deraadt Exp $ */ +/* $OpenBSD: fingerd.c,v 1.42 2021/07/12 15:09:18 beck Exp $ */ /* * Copyright (c) 1983, 1993 @@ -109,7 +109,7 @@ main(int argc, char *argv[]) } if (unveil(prog, "x") == -1) - err(1, "unveil"); + err(1, "unveil %s", prog); if (pledge("stdio inet dns proc exec", NULL) == -1) err(1, "pledge"); diff --git a/libexec/lockspool/lockspool.c b/libexec/lockspool/lockspool.c index 2206ee73f96..75c2be56c0c 100644 --- a/libexec/lockspool/lockspool.c +++ b/libexec/lockspool/lockspool.c @@ -1,4 +1,4 @@ -/* $OpenBSD: lockspool.c,v 1.21 2020/02/09 14:59:20 millert Exp $ */ +/* $OpenBSD: lockspool.c,v 1.22 2021/07/12 15:09:18 beck Exp $ */ /* * Copyright (c) 1998 Theo de Raadt <deraadt@theos.com> @@ -54,7 +54,7 @@ main(int argc, char *argv[]) int holdfd; if (unveil(_PATH_MAILDIR, "rwc") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_MAILDIR); if (pledge("stdio rpath wpath getpw cpath fattr", NULL) == -1) err(1, "pledge"); diff --git a/libexec/spamlogd/spamlogd.c b/libexec/spamlogd/spamlogd.c index f92ef83e964..c3e4a6665ae 100644 --- a/libexec/spamlogd/spamlogd.c +++ b/libexec/spamlogd/spamlogd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: spamlogd.c,v 1.31 2019/07/25 17:32:33 brynet Exp $ */ +/* $OpenBSD: spamlogd.c,v 1.32 2021/07/12 15:09:18 beck Exp $ */ /* * Copyright (c) 2006 Henning Brauer <henning@openbsd.org> @@ -463,7 +463,7 @@ main(int argc, char **argv) } if (unveil(PATH_SPAMD_DB, "rw") == -1) - err(1, "unveil"); + err(1, "unveil %s", PATH_SPAMD_DB); if (syncsend) { if (pledge("stdio rpath wpath inet flock", NULL) == -1) err(1, "pledge"); diff --git a/regress/sbin/ifconfig/ifaddr.c b/regress/sbin/ifconfig/ifaddr.c index 8f60d5dc84a..2cfa82d25f1 100644 --- a/regress/sbin/ifconfig/ifaddr.c +++ b/regress/sbin/ifconfig/ifaddr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ifaddr.c,v 1.5 2021/03/12 19:35:43 florian Exp $ */ +/* $OpenBSD: ifaddr.c,v 1.6 2021/07/12 15:09:18 beck Exp $ */ /* * This file has been copied from ifconfig and adapted to test @@ -287,7 +287,7 @@ main(int argc, char *argv[]) if (argc < 2) { /* no filesystem visibility */ if (unveil("/", "") == -1) - err(1, "unveil"); + err(1, "unveil /"); if (unveil(NULL, NULL) == -1) err(1, "unveil"); aflag = 1; @@ -326,11 +326,11 @@ main(int argc, char *argv[]) argc--, argv++; if (unveil(_PATH_RESCONF, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_RESCONF); if (unveil(_PATH_HOSTS, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_HOSTS); if (unveil(_PATH_SERVICES, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_SERVICES); if (unveil(NULL, NULL) == -1) err(1, "unveil"); diff --git a/regress/usr.bin/lastcomm/unveil.c b/regress/usr.bin/lastcomm/unveil.c index 660b8dd5738..54912108fe1 100644 --- a/regress/usr.bin/lastcomm/unveil.c +++ b/regress/usr.bin/lastcomm/unveil.c @@ -1,4 +1,4 @@ -/* $OpenBSD: unveil.c,v 1.1 2020/07/27 13:40:02 rob Exp $ */ +/* $OpenBSD: unveil.c,v 1.2 2021/07/12 15:09:18 beck Exp $ */ /* * Copyright (c) 2020 Rob Pierce <rob@openbsd.org> * @@ -22,7 +22,7 @@ int main(int argc, char *argv[]) { if (unveil("/tmp", "r") == -1) - err(1, "unveil"); + err(1, "unveil /tmp"); if (unveil(NULL, NULL) == -1) err(1, "unveil"); diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c index 993c829f2d2..8cda5c69753 100644 --- a/sbin/dhclient/dhclient.c +++ b/sbin/dhclient/dhclient.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dhclient.c,v 1.722 2021/05/02 19:16:48 krw Exp $ */ +/* $OpenBSD: dhclient.c,v 1.723 2021/07/12 15:09:18 beck Exp $ */ /* * Copyright 2004 Henning Brauer <henning@openbsd.org> @@ -2334,9 +2334,9 @@ fork_privchld(struct interface_info *ifi, int fd, int fd2) fatal("socket(AF_ROUTE, SOCK_RAW)"); if (unveil(_PATH_RESCONF, "wc") == -1) - fatal("unveil"); + fatal("unveil %s", _PATH_RESCONF); if (unveil("/etc/resolv.conf.tail", "r") == -1) - fatal("unveil"); + fatal("unveil /etc/resolve.conf.tail"); if (unveil(NULL, NULL) == -1) fatal("unveil"); diff --git a/sbin/dhcpleased/dhcpleased.c b/sbin/dhcpleased/dhcpleased.c index d5aca108549..2157406e71a 100644 --- a/sbin/dhcpleased/dhcpleased.c +++ b/sbin/dhcpleased/dhcpleased.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dhcpleased.c,v 1.13 2021/06/20 08:31:45 florian Exp $ */ +/* $OpenBSD: dhcpleased.c,v 1.14 2021/07/12 15:09:18 beck Exp $ */ /* * Copyright (c) 2017, 2021 Florian Obser <florian@openbsd.org> @@ -274,7 +274,7 @@ main(int argc, char *argv[]) } if (unveil(NULL, NULL) == -1) - fatal("locking unveil"); + fatal("unveil"); #if notyet if (pledge("stdio inet rpath wpath sendfd wroute bpf", NULL) == -1) fatal("pledge"); diff --git a/sbin/dhcpleased/engine.c b/sbin/dhcpleased/engine.c index dfe2a1b15e8..ad8202c9a33 100644 --- a/sbin/dhcpleased/engine.c +++ b/sbin/dhcpleased/engine.c @@ -1,4 +1,4 @@ -/* $OpenBSD: engine.c,v 1.17 2021/06/20 08:31:45 florian Exp $ */ +/* $OpenBSD: engine.c,v 1.18 2021/07/12 15:09:18 beck Exp $ */ /* * Copyright (c) 2017, 2021 Florian Obser <florian@openbsd.org> @@ -182,9 +182,9 @@ engine(int debug, int verbose) fatal("chdir(\"/\")"); if (unveil("/", "") == -1) - fatal("unveil(\"/\", \"\")"); + fatal("unveil /"); if (unveil(NULL, NULL) == -1) - fatal("unveil(NULL, NULL)"); + fatal("unveil"); setproctitle("%s", "engine"); log_procinit("engine"); diff --git a/sbin/dhcpleased/frontend.c b/sbin/dhcpleased/frontend.c index 456c0ec5226..1e5284eaf13 100644 --- a/sbin/dhcpleased/frontend.c +++ b/sbin/dhcpleased/frontend.c @@ -1,4 +1,4 @@ -/* $OpenBSD: frontend.c,v 1.12 2021/06/16 14:08:38 florian Exp $ */ +/* $OpenBSD: frontend.c,v 1.13 2021/07/12 15:09:18 beck Exp $ */ /* * Copyright (c) 2017, 2021 Florian Obser <florian@openbsd.org> @@ -138,9 +138,9 @@ frontend(int debug, int verbose) fatal("chdir(\"/\")"); if (unveil("/", "") == -1) - fatal("unveil(\"/\", \"\")"); + fatal("unveil /"); if (unveil(NULL, NULL) == -1) - fatal("unveil(NULL, NULL)"); + fatal("unveil"); setproctitle("%s", "frontend"); log_procinit("frontend"); diff --git a/sbin/fsck/fsck.c b/sbin/fsck/fsck.c index 09475f346d3..19e730a484f 100644 --- a/sbin/fsck/fsck.c +++ b/sbin/fsck/fsck.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fsck.c,v 1.40 2019/06/28 13:32:43 deraadt Exp $ */ +/* $OpenBSD: fsck.c,v 1.41 2021/07/12 15:09:18 beck Exp $ */ /* $NetBSD: fsck.c,v 1.7 1996/10/03 20:06:30 christos Exp $ */ /* @@ -110,11 +110,11 @@ main(int argc, char *argv[]) checkroot(); if (unveil("/dev", "rw") == -1) - err(1, "unveil"); + err(1, "unveil /dev"); if (unveil(_PATH_FSTAB, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_FSTAB); if (unveil("/sbin", "x") == -1) - err(1, "unveil"); + err(1, "unveil /sbin"); if (pledge("stdio rpath wpath disklabel proc exec", NULL) == -1) err(1, "pledge"); diff --git a/sbin/fsck_ffs/setup.c b/sbin/fsck_ffs/setup.c index e9c922d7c37..42c27f4fdbc 100644 --- a/sbin/fsck_ffs/setup.c +++ b/sbin/fsck_ffs/setup.c @@ -1,4 +1,4 @@ -/* $OpenBSD: setup.c,v 1.67 2020/06/20 07:49:04 otto Exp $ */ +/* $OpenBSD: setup.c,v 1.68 2021/07/12 15:09:18 beck Exp $ */ /* $NetBSD: setup.c,v 1.27 1996/09/27 22:45:19 christos Exp $ */ /* @@ -105,7 +105,7 @@ setup(char *dev, int isfsdb) if (isfsdb || !hotroot()) { if (unveil("/dev", "rw") == -1) - err(1, "unveil"); + err(1, "unveil /dev"); if (pledge("stdio rpath wpath getpw tty disklabel", NULL) == -1) err(1, "pledge"); diff --git a/sbin/fsck_msdos/check.c b/sbin/fsck_msdos/check.c index 4a2f07f1131..173458cc097 100644 --- a/sbin/fsck_msdos/check.c +++ b/sbin/fsck_msdos/check.c @@ -1,4 +1,4 @@ -/* $OpenBSD: check.c,v 1.20 2019/06/28 13:32:43 deraadt Exp $ */ +/* $OpenBSD: check.c,v 1.21 2021/07/12 15:09:18 beck Exp $ */ /* $NetBSD: check.c,v 1.8 1997/10/17 11:19:29 ws Exp $ */ /* @@ -55,7 +55,7 @@ checkfilesys(const char *fname) int mod = 0; if (unveil("/dev", "rw") == -1) - err(1, "unveil"); + err(1, "unveil /dev"); rdonly = alwaysno; diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c index 20b68c1f95d..7d86e887561 100644 --- a/sbin/ifconfig/ifconfig.c +++ b/sbin/ifconfig/ifconfig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ifconfig.c,v 1.443 2021/07/04 19:22:32 sthen Exp $ */ +/* $OpenBSD: ifconfig.c,v 1.444 2021/07/12 15:09:18 beck Exp $ */ /* $NetBSD: ifconfig.c,v 1.40 1997/10/01 02:19:43 enami Exp $ */ /* @@ -773,7 +773,7 @@ main(int argc, char *argv[]) if (argc < 2) { /* no filesystem visibility */ if (unveil("/", "") == -1) - err(1, "unveil"); + err(1, "unveil /"); if (unveil(NULL, NULL) == -1) err(1, "unveil"); aflag = 1; @@ -827,11 +827,11 @@ main(int argc, char *argv[]) if (!found_rulefile) { if (unveil(_PATH_RESCONF, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_RESCONF); if (unveil(_PATH_HOSTS, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_HOSTS); if (unveil(_PATH_SERVICES, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_SERVICES); if (unveil(NULL, NULL) == -1) err(1, "unveil"); } diff --git a/sbin/nologin/nologin.c b/sbin/nologin/nologin.c index 88bdd5f6fd7..81973926888 100644 --- a/sbin/nologin/nologin.c +++ b/sbin/nologin/nologin.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nologin.c,v 1.8 2019/06/28 13:32:45 deraadt Exp $ */ +/* $OpenBSD: nologin.c,v 1.9 2021/07/12 15:09:19 beck Exp $ */ /* * Copyright (c) 1997, Jason Downs. All rights reserved. @@ -47,7 +47,7 @@ main(int argc, char *argv[]) char nbuf[BUFSIZ]; if (unveil(_PATH_NOLOGIN_TXT, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_NOLOGIN_TXT); if (pledge("stdio rpath", NULL) == -1) err(1, "pledge"); diff --git a/sbin/pflogd/privsep.c b/sbin/pflogd/privsep.c index a1c109005cf..c89064d3e53 100644 --- a/sbin/pflogd/privsep.c +++ b/sbin/pflogd/privsep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: privsep.c,v 1.34 2019/11/27 17:49:09 deraadt Exp $ */ +/* $OpenBSD: privsep.c,v 1.35 2021/07/12 15:09:19 beck Exp $ */ /* * Copyright (c) 2003 Can Erkin Acar @@ -134,15 +134,15 @@ priv_init(int Pflag, int argc, char *argv[]) setproctitle("[priv]"); if (unveil(_PATH_RESCONF, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_RESCONF); if (unveil(_PATH_HOSTS, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_HOSTS); if (unveil(_PATH_SERVICES, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_SERVICES); if (unveil("/dev/bpf", "r") == -1) - err(1, "unveil"); + err(1, "unveil /dev/bpf"); if (unveil(filename, "rwc") == -1) - err(1, "unveil"); + err(1, "unveil %s", filename); if (unveil(NULL, NULL) == -1) err(1, "unveil"); diff --git a/sbin/ping/ping.c b/sbin/ping/ping.c index f7c3c101b25..6fa634bca3e 100644 --- a/sbin/ping/ping.c +++ b/sbin/ping/ping.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ping.c,v 1.244 2021/02/21 10:38:42 sthen Exp $ */ +/* $OpenBSD: ping.c,v 1.245 2021/07/12 15:09:19 beck Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -266,7 +266,7 @@ main(int argc, char *argv[]) /* Cannot pledge due to special setsockopt()s below */ if (unveil("/", "r") == -1) - err(1, "unveil"); + err(1, "unveil /"); if (unveil(NULL, NULL) == -1) err(1, "unveil"); diff --git a/sbin/shutdown/shutdown.c b/sbin/shutdown/shutdown.c index d28eb676172..38b10bb56df 100644 --- a/sbin/shutdown/shutdown.c +++ b/sbin/shutdown/shutdown.c @@ -1,4 +1,4 @@ -/* $OpenBSD: shutdown.c,v 1.52 2018/08/03 17:09:22 deraadt Exp $ */ +/* $OpenBSD: shutdown.c,v 1.53 2021/07/12 15:09:19 beck Exp $ */ /* $NetBSD: shutdown.c,v 1.9 1995/03/18 15:01:09 cgd Exp $ */ /* @@ -166,24 +166,24 @@ main(int argc, char *argv[]) } if (unveil(_PATH_CONSOLE, "rw") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_CONSOLE); if (unveil(_PATH_RC, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_RC); if (unveil(_PATH_WALL, "x") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_WALL); if (unveil(_PATH_FASTBOOT, "wc") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_FASTBOOT); if (unveil(_PATH_NOLOGIN, "wc") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_NOLOGIN); if (dohalt || dopower) { if (unveil(_PATH_HALT, "x") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_HALT); } else if (doreboot) { if (unveil(_PATH_REBOOT, "x") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_REBOOT); } else { if (unveil(_PATH_BSHELL, "x") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_BSHELL); } if (pledge("stdio rpath wpath cpath getpw tty id proc exec", NULL) == -1) err(1, "pledge"); diff --git a/sbin/slaacd/engine.c b/sbin/slaacd/engine.c index c39f50b33b7..c1824ac16a3 100644 --- a/sbin/slaacd/engine.c +++ b/sbin/slaacd/engine.c @@ -1,4 +1,4 @@ -/* $OpenBSD: engine.c,v 1.72 2021/05/01 11:53:06 florian Exp $ */ +/* $OpenBSD: engine.c,v 1.73 2021/07/12 15:09:19 beck Exp $ */ /* * Copyright (c) 2017 Florian Obser <florian@openbsd.org> @@ -368,9 +368,9 @@ engine(int debug, int verbose) fatal("chdir(\"/\")"); if (unveil("/", "") == -1) - fatal("unveil(\"/\", \"\")"); + fatal("unveil /"); if (unveil(NULL, NULL) == -1) - fatal("unveil(NULL, NULL)"); + fatal("unveil"); setproctitle("%s", "engine"); log_procinit("engine"); diff --git a/sbin/slaacd/frontend.c b/sbin/slaacd/frontend.c index 3553595db4c..d3cb23a2925 100644 --- a/sbin/slaacd/frontend.c +++ b/sbin/slaacd/frontend.c @@ -1,4 +1,4 @@ -/* $OpenBSD: frontend.c,v 1.56 2021/05/01 11:53:06 florian Exp $ */ +/* $OpenBSD: frontend.c,v 1.57 2021/07/12 15:09:19 beck Exp $ */ /* * Copyright (c) 2017 Florian Obser <florian@openbsd.org> @@ -149,9 +149,9 @@ frontend(int debug, int verbose) fatal("chdir(\"/\")"); if (unveil("/", "") == -1) - fatal("unveil(\"/\", \"\")"); + fatal("unveil /"); if (unveil(NULL, NULL) == -1) - fatal("unveil(NULL, NULL)"); + fatal("unveil"); setproctitle("%s", "frontend"); log_procinit("frontend"); diff --git a/sbin/sysctl/sysctl.c b/sbin/sysctl/sysctl.c index cb831014d32..e7ce921994a 100644 --- a/sbin/sysctl/sysctl.c +++ b/sbin/sysctl/sysctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sysctl.c,v 1.257 2021/05/18 05:25:40 claudio Exp $ */ +/* $OpenBSD: sysctl.c,v 1.258 2021/07/12 15:09:19 beck Exp $ */ /* $NetBSD: sysctl.c,v 1.9 1995/09/30 07:12:50 thorpej Exp $ */ /* @@ -265,9 +265,9 @@ main(int argc, char *argv[]) ctime(&boottime); /* satisfy potential $TZ expansion before unveil() */ if (unveil(_PATH_DEVDB, "r") == -1 && errno != ENOENT) - err(1,"unveil"); + err(1,"unveil %s", _PATH_DEVDB); if (unveil("/dev", "r") == -1 && errno != ENOENT) - err(1, "unveil"); + err(1, "unveil /dev"); if (unveil(NULL, NULL) == -1) err(1, "unveil"); diff --git a/sbin/unwind/resolver.c b/sbin/unwind/resolver.c index 2db2e7274ab..81610f68b3e 100644 --- a/sbin/unwind/resolver.c +++ b/sbin/unwind/resolver.c @@ -1,4 +1,4 @@ -/* $OpenBSD: resolver.c,v 1.143 2021/02/07 13:35:41 florian Exp $ */ +/* $OpenBSD: resolver.c,v 1.144 2021/07/12 15:09:19 beck Exp $ */ /* * Copyright (c) 2018 Florian Obser <florian@openbsd.org> @@ -377,7 +377,7 @@ resolver(int debug, int verbose) fatal("can't drop privileges"); if (unveil(TLS_DEFAULT_CA_CERT_FILE, "r") == -1) - fatal("unveil"); + fatal("unveil %s", TLS_DEFAULT_CA_CERT_FILE); if (pledge("stdio inet dns rpath recvfd", NULL) == -1) fatal("pledge"); diff --git a/usr.bin/audioctl/audioctl.c b/usr.bin/audioctl/audioctl.c index ec2c1927695..abe3f3f1fb6 100644 --- a/usr.bin/audioctl/audioctl.c +++ b/usr.bin/audioctl/audioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: audioctl.c,v 1.42 2020/02/02 05:25:41 ratchov Exp $ */ +/* $OpenBSD: audioctl.c,v 1.43 2021/07/12 15:09:19 beck Exp $ */ /* * Copyright (c) 2016 Alexandre Ratchov <alex@caoua.org> * @@ -285,7 +285,7 @@ main(int argc, char **argv) argv += optind; if (unveil(path, "w") == -1) - err(1, "unveil"); + err(1, "unveil %s", path); if (unveil(NULL, NULL) == -1) err(1, "unveil"); @@ -296,5 +296,5 @@ main(int argc, char **argv) audio_main(argc, argv); close(fd); - return 0; + return 0; } diff --git a/usr.bin/biff/biff.c b/usr.bin/biff/biff.c index f8c102f5dfc..231b3601ec5 100644 --- a/usr.bin/biff/biff.c +++ b/usr.bin/biff/biff.c @@ -1,4 +1,4 @@ -/* $OpenBSD: biff.c,v 1.17 2019/06/28 13:35:00 deraadt Exp $ */ +/* $OpenBSD: biff.c,v 1.18 2021/07/12 15:09:19 beck Exp $ */ /* $NetBSD: biff.c,v 1.3 1995/03/26 02:34:22 glass Exp $ */ /* @@ -62,7 +62,7 @@ main(int argc, char *argv[]) err(2, "tty"); if (unveil(name, "rw") == -1) - err(2, "unveil"); + err(2, "unveil %s", name); if (pledge("stdio rpath fattr", NULL) == -1) err(2, "pledge"); diff --git a/usr.bin/chpass/chpass.c b/usr.bin/chpass/chpass.c index f20b7f18b9b..72c622eb40c 100644 --- a/usr.bin/chpass/chpass.c +++ b/usr.bin/chpass/chpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: chpass.c,v 1.46 2019/09/14 17:47:00 semarie Exp $ */ +/* $OpenBSD: chpass.c,v 1.47 2021/07/12 15:09:19 beck Exp $ */ /* $NetBSD: chpass.c,v 1.8 1996/05/15 21:50:43 jtc Exp $ */ /*- @@ -137,11 +137,11 @@ main(int argc, char *argv[]) display(tempname, dfd, pw); if (unveil(_PATH_BSHELL, "x") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_BSHELL); if (unveil(_PATH_SHELLS, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_SHELLS); if (unveil(tempname, "rc") == -1) - err(1, "unveil"); + err(1, "unveil %s", tempname); if (pledge("stdio rpath wpath cpath id proc exec unveil", NULL) == -1) err(1, "pledge"); @@ -165,7 +165,7 @@ main(int argc, char *argv[]) if (op == NEWSH) { if (unveil(_PATH_SHELLS, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_SHELLS); if (pledge("stdio rpath wpath cpath id proc exec unveil", NULL) == -1) err(1, "pledge"); @@ -184,11 +184,11 @@ main(int argc, char *argv[]) sigprocmask(SIG_BLOCK, &fullset, NULL); if (unveil(_PATH_MASTERPASSWD_LOCK, "rwc") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_MASTERPASSWD_LOCK); if (unveil(_PATH_MASTERPASSWD, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_MASTERPASSWD); if (unveil(_PATH_PWD_MKDB, "x") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_PWD_MKDB); if (pledge("stdio rpath wpath cpath proc exec", NULL) == -1) err(1, "pledge"); diff --git a/usr.bin/ctfconv/ctfconv.c b/usr.bin/ctfconv/ctfconv.c index f47af91541d..6fbaca0157c 100644 --- a/usr.bin/ctfconv/ctfconv.c +++ b/usr.bin/ctfconv/ctfconv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ctfconv.c,v 1.18 2019/11/07 13:39:08 mpi Exp $ */ +/* $OpenBSD: ctfconv.c,v 1.19 2021/07/12 15:09:19 beck Exp $ */ /* * Copyright (c) 2016-2017 Martin Pieuchot @@ -128,11 +128,11 @@ main(int argc, char *argv[]) filename = *argv; if (unveil(filename, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", filename); if (outfile != NULL) { if (unveil(outfile, "wc") == -1) - err(1, "unveil"); + err(1, "unveil %s", outfile); } if (pledge("stdio rpath wpath cpath", NULL) == -1) diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c index be05be3a968..5fccac85724 100644 --- a/usr.bin/doas/doas.c +++ b/usr.bin/doas/doas.c @@ -1,4 +1,4 @@ -/* $OpenBSD: doas.c,v 1.89 2021/01/27 17:02:50 millert Exp $ */ +/* $OpenBSD: doas.c,v 1.90 2021/07/12 15:09:19 beck Exp $ */ /* * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org> * @@ -416,9 +416,10 @@ main(int argc, char **argv) if (formerpath == NULL) formerpath = ""; - if (unveil(_PATH_LOGIN_CONF, "r") == -1 || - unveil(_PATH_LOGIN_CONF ".db", "r") == -1) - err(1, "unveil"); + if (unveil(_PATH_LOGIN_CONF, "r") == -1) + err(1, "unveil %s", _PATH_LOGIN_CONF); + if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1) + err(1, "unveil %s.db", _PATH_LOGIN_CONF); if (rule->cmd) { if (setenv("PATH", safepath, 1) == -1) err(1, "failed to set PATH '%s'", safepath); diff --git a/usr.bin/encrypt/encrypt.c b/usr.bin/encrypt/encrypt.c index 01e96edd9f8..04ea7c5b98f 100644 --- a/usr.bin/encrypt/encrypt.c +++ b/usr.bin/encrypt/encrypt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: encrypt.c,v 1.50 2019/09/14 17:47:00 semarie Exp $ */ +/* $OpenBSD: encrypt.c,v 1.51 2021/07/12 15:09:19 beck Exp $ */ /* * Copyright (c) 1996, Jason Downs. All rights reserved. @@ -95,9 +95,10 @@ main(int argc, char **argv) char *extra = NULL; /* Store login class or number of rounds */ const char *errstr; - if (unveil(_PATH_LOGIN_CONF, "r") == -1 || - unveil(_PATH_LOGIN_CONF ".db", "r") == -1) - err(1, "unveil"); + if (unveil(_PATH_LOGIN_CONF, "r") == -1) + err(1, "unveil %s", _PATH_LOGIN_CONF); + if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1) + err(1, "unveil %s.db", _PATH_LOGIN_CONF); if (pledge("stdio rpath tty", NULL) == -1) err(1, "pledge"); diff --git a/usr.bin/from/from.c b/usr.bin/from/from.c index 59b743e7247..b3e96a24887 100644 --- a/usr.bin/from/from.c +++ b/usr.bin/from/from.c @@ -1,4 +1,4 @@ -/* $OpenBSD: from.c,v 1.27 2020/05/29 07:16:50 mestre Exp $ */ +/* $OpenBSD: from.c,v 1.28 2021/07/12 15:09:19 beck Exp $ */ /* $NetBSD: from.c,v 1.6 1995/09/01 01:39:10 jtc Exp $ */ /* @@ -80,7 +80,7 @@ main(int argc, char *argv[]) file = mail_spool(file, *argv); if (unveil(file, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", file); if (pledge("stdio rpath", NULL) == -1) err(1, "pledge"); diff --git a/usr.bin/getconf/getconf.c b/usr.bin/getconf/getconf.c index 3cf332f1181..f3240af8bd4 100644 --- a/usr.bin/getconf/getconf.c +++ b/usr.bin/getconf/getconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getconf.c,v 1.20 2018/10/26 17:11:32 mestre Exp $ */ +/* $OpenBSD: getconf.c,v 1.21 2021/07/12 15:09:19 beck Exp $ */ /*- * Copyright (c) 1996 The NetBSD Foundation, Inc. @@ -514,7 +514,7 @@ main(int argc, char *argv[]) case PATHCONF: if (unveil(argv[1], "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", argv[1]); if (pledge("stdio rpath", NULL) == -1) err(1, "pledge"); errno = 0; diff --git a/usr.bin/getent/getent.c b/usr.bin/getent/getent.c index 3555f3420f0..278d3b03985 100644 --- a/usr.bin/getent/getent.c +++ b/usr.bin/getent/getent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getent.c,v 1.21 2018/11/02 10:21:29 kn Exp $ */ +/* $OpenBSD: getent.c,v 1.22 2021/07/12 15:09:19 beck Exp $ */ /* $NetBSD: getent.c,v 1.7 2005/08/24 14:31:02 ginsbach Exp $ */ /*- @@ -102,7 +102,7 @@ main(int argc, char *argv[]) if (strcmp(curdb->name, argv[1]) == 0) { if (curdb->unveil != NULL) { if (unveil(curdb->unveil, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", curdb->unveil); } if (pledge(curdb->pledge, NULL) == -1) err(1, "pledge"); diff --git a/usr.bin/htpasswd/htpasswd.c b/usr.bin/htpasswd/htpasswd.c index 85a7f5ccece..03a9e762c12 100644 --- a/usr.bin/htpasswd/htpasswd.c +++ b/usr.bin/htpasswd/htpasswd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: htpasswd.c,v 1.17 2018/10/31 07:39:10 mestre Exp $ */ +/* $OpenBSD: htpasswd.c,v 1.18 2021/07/12 15:09:19 beck Exp $ */ /* * Copyright (c) 2014 Florian Obser <florian@openbsd.org> * @@ -74,9 +74,9 @@ main(int argc, char** argv) if ((batch && argc == 1) || (!batch && argc == 2)) { if (unveil(argv[0], "rwc") == -1) - err(1, "unveil"); + err(1, "unveil %s", argv[0]); if (unveil("/tmp", "rwc") == -1) - err(1, "unveil"); + err(1, "unveil /tmp"); } if (pledge("stdio rpath wpath cpath flock tmppath tty", NULL) == -1) err(1, "pledge"); diff --git a/usr.bin/kdump/kdump.c b/usr.bin/kdump/kdump.c index fb71d3c7520..52356862c40 100644 --- a/usr.bin/kdump/kdump.c +++ b/usr.bin/kdump/kdump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kdump.c,v 1.143 2020/04/05 08:32:14 mpi Exp $ */ +/* $OpenBSD: kdump.c,v 1.144 2021/07/12 15:09:19 beck Exp $ */ /*- * Copyright (c) 1988, 1993 @@ -223,9 +223,9 @@ main(int argc, char *argv[]) if (strcmp(tracefile, "-") != 0) if (unveil(tracefile, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", tracefile); if (unveil(_PATH_PROTOCOLS, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_PROTOCOLS); if (pledge("stdio rpath getpw", NULL) == -1) err(1, "pledge"); diff --git a/usr.bin/last/last.c b/usr.bin/last/last.c index 98688a7bbcf..76d576106fe 100644 --- a/usr.bin/last/last.c +++ b/usr.bin/last/last.c @@ -1,4 +1,4 @@ -/* $OpenBSD: last.c,v 1.52 2019/06/28 13:35:01 deraadt Exp $ */ +/* $OpenBSD: last.c,v 1.53 2021/07/12 15:09:19 beck Exp $ */ /* $NetBSD: last.c,v 1.6 1994/12/24 16:49:02 cgd Exp $ */ /* @@ -153,7 +153,7 @@ main(int argc, char *argv[]) exit(0); if (unveil(file, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", file); if (pledge("stdio rpath", NULL) == -1) err(1, "pledge"); diff --git a/usr.bin/look/look.c b/usr.bin/look/look.c index fa0b7353bc2..0ccfd1703be 100644 --- a/usr.bin/look/look.c +++ b/usr.bin/look/look.c @@ -1,4 +1,4 @@ -/* $OpenBSD: look.c,v 1.23 2019/06/28 13:35:01 deraadt Exp $ */ +/* $OpenBSD: look.c,v 1.24 2021/07/12 15:09:20 beck Exp $ */ /* $NetBSD: look.c,v 1.7 1995/08/31 22:41:02 jtc Exp $ */ /*- @@ -111,7 +111,7 @@ main(int argc, char *argv[]) } if (unveil(file, "r") == -1) - err(2, "unveil"); + err(2, "unveil %s", file); if (pledge("stdio rpath", NULL) == -1) err(2, "pledge"); diff --git a/usr.bin/mesg/mesg.c b/usr.bin/mesg/mesg.c index d682e9e9bcd..0423eff7029 100644 --- a/usr.bin/mesg/mesg.c +++ b/usr.bin/mesg/mesg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mesg.c,v 1.16 2019/06/28 13:35:02 deraadt Exp $ */ +/* $OpenBSD: mesg.c,v 1.17 2021/07/12 15:09:20 beck Exp $ */ /* $NetBSD: mesg.c,v 1.4 1994/12/23 07:16:32 jtc Exp $ */ /* @@ -65,7 +65,7 @@ main(int argc, char *argv[]) err(2, "ttyname"); if (unveil(tty, "rw") == -1) - err(2, "unveil"); + err(2, "unveil %s", tty); if (pledge("stdio rpath fattr", NULL) == -1) err(2, "pledge"); diff --git a/usr.bin/mixerctl/mixerctl.c b/usr.bin/mixerctl/mixerctl.c index e454d9d64bc..c572ab36c08 100644 --- a/usr.bin/mixerctl/mixerctl.c +++ b/usr.bin/mixerctl/mixerctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mixerctl.c,v 1.33 2020/04/04 08:43:08 ratchov Exp $ */ +/* $OpenBSD: mixerctl.c,v 1.34 2021/07/12 15:09:20 beck Exp $ */ /* $NetBSD: mixerctl.c,v 1.11 1998/04/27 16:55:23 augustss Exp $ */ /* @@ -285,7 +285,7 @@ main(int argc, char **argv) aflag = 1; if (unveil(file, "w") == -1) - err(1, "unveil"); + err(1, "unveil %s", file); if (unveil(NULL, NULL) == -1) err(1, "unveil"); diff --git a/usr.bin/nc/netcat.c b/usr.bin/nc/netcat.c index 503095584ad..811551f57da 100644 --- a/usr.bin/nc/netcat.c +++ b/usr.bin/nc/netcat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: netcat.c,v 1.217 2020/02/12 14:46:36 schwarze Exp $ */ +/* $OpenBSD: netcat.c,v 1.218 2021/07/12 15:09:20 beck Exp $ */ /* * Copyright (c) 2001 Eric Jackson <ericj@monkey.org> * Copyright (c) 2015 Bob Beck. All rights reserved. @@ -364,13 +364,13 @@ main(int argc, char *argv[]) if (usetls) { if (Cflag && unveil(Cflag, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", Cflag); if (unveil(Rflag, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", Rflag); if (Kflag && unveil(Kflag, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", Kflag); if (oflag && unveil(oflag, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", oflag); } else if (family == AF_UNIX && uflag && lflag && !kflag) { /* * After recvfrom(2) from client, the server connects @@ -380,20 +380,20 @@ main(int argc, char *argv[]) } else { if (family == AF_UNIX) { if (unveil(host, "rwc") == -1) - err(1, "unveil"); + err(1, "unveil %s", host); if (uflag && !kflag) { if (sflag) { if (unveil(sflag, "rwc") == -1) - err(1, "unveil"); + err(1, "unveil %s", sflag); } else { if (unveil("/tmp", "rwc") == -1) - err(1, "unveil"); + err(1, "unveil /tmp"); } } } else { /* no filesystem visibility */ if (unveil("/", "") == -1) - err(1, "unveil"); + err(1, "unveil /"); } } diff --git a/usr.bin/passwd/local_passwd.c b/usr.bin/passwd/local_passwd.c index 955eb9e3820..97720018337 100644 --- a/usr.bin/passwd/local_passwd.c +++ b/usr.bin/passwd/local_passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: local_passwd.c,v 1.58 2019/10/24 12:56:40 anton Exp $ */ +/* $OpenBSD: local_passwd.c,v 1.59 2021/07/12 15:09:20 beck Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. @@ -73,19 +73,19 @@ local_passwd(char *uname, int authenticated) } if (unveil(_PATH_MASTERPASSWD_LOCK, "rwc") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_MASTERPASSWD_LOCK); if (unveil(_PATH_MASTERPASSWD, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_MASTERPASSWD); if (unveil(_PATH_LOGIN_CONF, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_LOGIN_CONF); if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1) - err(1, "unveil"); + err(1, "unveil %s.db", _PATH_LOGIN_CONF); if (unveil(_PATH_BSHELL, "x") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_BSHELL); if (unveil(_PATH_SHELLS, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_SHELLS); if (unveil(_PATH_PWD_MKDB, "x") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_PWD_MKDB); if (pledge("stdio rpath wpath cpath getpw tty id proc exec", NULL) == -1) err(1, "pledge"); diff --git a/usr.bin/sdiff/sdiff.c b/usr.bin/sdiff/sdiff.c index 90207e16950..7039391ee57 100644 --- a/usr.bin/sdiff/sdiff.c +++ b/usr.bin/sdiff/sdiff.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sdiff.c,v 1.37 2018/09/28 18:21:52 mestre Exp $ */ +/* $OpenBSD: sdiff.c,v 1.38 2021/07/12 15:09:20 beck Exp $ */ /* * Written by Raymond Lai <ray@cyth.net>. @@ -255,7 +255,7 @@ main(int argc, char **argv) if (outfile && (outfp = fopen(outfile, "w")) == NULL) err(2, "could not open: %s", optarg); - if ((tmpdir = getenv("TMPDIR")) == NULL || *tmpdir == '\0') + if ((tmpdir = getenv("TMPDIR")) == NULL || *tmpdir == '\0') tmpdir = _PATH_TMP; filename1 = argv[0]; @@ -263,15 +263,15 @@ main(int argc, char **argv) if (!Fflag) { if (unveil(filename1, "r") == -1) - err(2, "unveil"); + err(2, "unveil %s", filename1); if (unveil(filename2, "r") == -1) - err(2, "unveil"); + err(2, "unveil %s", filename2); if (unveil(tmpdir, "rwc") == -1) - err(2, "unveil"); + err(2, "unveil %s", tmpdir); if (unveil("/usr/bin/diff", "x") == -1) - err(2, "unveil"); + err(2, "unveil /usr/bin/diff"); if (unveil(_PATH_BSHELL, "x") == -1) - err(2, "unveil"); + err(2, "unveil %s", _PATH_BSHELL); } if (pledge("stdio rpath wpath cpath proc exec", NULL) == -1) err(2, "pledge"); diff --git a/usr.bin/sndiod/sndiod.c b/usr.bin/sndiod/sndiod.c index 9a7daeb9e63..ad6a2cce7c3 100644 --- a/usr.bin/sndiod/sndiod.c +++ b/usr.bin/sndiod/sndiod.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sndiod.c,v 1.45 2021/03/08 09:42:50 ratchov Exp $ */ +/* $OpenBSD: sndiod.c,v 1.46 2021/07/12 15:09:20 beck Exp $ */ /* * Copyright (c) 2008-2012 Alexandre Ratchov <alex@caoua.org> * @@ -378,7 +378,7 @@ dounveil(char *name, char *prefix, char *path_prefix) errx(1, "%s: unsupported device or port format", name); snprintf(path, sizeof(path), "%s%s", path_prefix, name + prefix_len); if (unveil(path, "rw") == -1) - err(1, "unveil"); + err(1, "unveil %s", path); } static int diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c index 193fe832e16..f9fb2c0ac88 100644 --- a/usr.bin/su/su.c +++ b/usr.bin/su/su.c @@ -1,4 +1,4 @@ -/* $OpenBSD: su.c,v 1.83 2020/10/30 16:23:57 millert Exp $ */ +/* $OpenBSD: su.c,v 1.84 2021/07/12 15:09:20 beck Exp $ */ /* * Copyright (c) 1988 The Regents of the University of California. @@ -161,17 +161,17 @@ main(int argc, char **argv) } if (unveil(_PATH_LOGIN_CONF, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_LOGIN_CONF); if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1) - err(1, "unveil"); + err(1, "unveil %s.db", _PATH_LOGIN_CONF); if (unveil(_PATH_AUTHPROGDIR, "x") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_AUTHPROGDIR); if (unveil(_PATH_SHELLS, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_SHELLS); if (unveil(_PATH_DEVDB, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_DEVDB); if (unveil(_PATH_NOLOGIN, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_NOLOGIN); for (;;) { char *pw_class = class; @@ -251,9 +251,9 @@ main(int argc, char **argv) } if (unveil(shell, "x") == -1) - err(1, "unveil"); + err(1, "unveil %s", shell); if (unveil(pwd->pw_dir, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", pwd->pw_dir); if ((p = strrchr(shell, '/'))) avshell = p+1; @@ -283,7 +283,7 @@ main(int argc, char **argv) auth_err(as, 1, "%s", pwd->pw_dir); } else { if (unveil("/", "r") == -1) - err(1, "unveil"); + err(1, "unveil /"); printf("No home directory %s!\n", pwd->pw_dir); printf("Logging in with home = \"/\".\n"); if (chdir("/") == -1) diff --git a/usr.bin/systat/main.c b/usr.bin/systat/main.c index 48b42ea0031..7a4225cc490 100644 --- a/usr.bin/systat/main.c +++ b/usr.bin/systat/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.75 2021/07/02 15:34:16 millert Exp $ */ +/* $OpenBSD: main.c,v 1.76 2021/07/12 15:09:20 beck Exp $ */ /* * Copyright (c) 2001, 2007 Can Erkin Acar * Copyright (c) 2001 Daniel Hartmeier @@ -579,7 +579,7 @@ main(int argc, char *argv[]) setup_term(maxlines); if (unveil("/", "r") == -1) - err(1, "unveil"); + err(1, "unveil /"); if (unveil(NULL, NULL) == -1) err(1, "unveil"); diff --git a/usr.bin/tcpbench/tcpbench.c b/usr.bin/tcpbench/tcpbench.c index c56752ce10e..5eadee0fe30 100644 --- a/usr.bin/tcpbench/tcpbench.c +++ b/usr.bin/tcpbench/tcpbench.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcpbench.c,v 1.64 2021/02/04 18:46:25 bluhm Exp $ */ +/* $OpenBSD: tcpbench.c,v 1.65 2021/07/12 15:09:20 beck Exp $ */ /* * Copyright (c) 2008 Damien Miller <djm@mindrot.org> @@ -1273,11 +1273,11 @@ main(int argc, char **argv) if (ptb->kvars) { if (unveil(_PATH_MEM, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_MEM); if (unveil(_PATH_KMEM, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_KMEM); if (unveil(_PATH_KSYMS, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_KSYMS); if ((ptb->kvmh = kvm_openfiles(NULL, NULL, NULL, O_RDONLY, kerr)) == NULL) @@ -1294,7 +1294,7 @@ main(int argc, char **argv) if (ptb->Uflag) if (unveil(host, "rwc") == -1) - err(1, "unveil"); + err(1, "unveil %s", host); if (pledge("stdio id dns inet unix", NULL) == -1) err(1, "pledge"); diff --git a/usr.bin/tty/tty.c b/usr.bin/tty/tty.c index 0409f441aca..d1ba54b5fa8 100644 --- a/usr.bin/tty/tty.c +++ b/usr.bin/tty/tty.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tty.c,v 1.11 2018/08/03 06:55:41 deraadt Exp $ */ +/* $OpenBSD: tty.c,v 1.12 2021/07/12 15:09:20 beck Exp $ */ /* $NetBSD: tty.c,v 1.4 1994/12/07 00:46:57 jtc Exp $ */ /* @@ -58,7 +58,7 @@ main(int argc, char *argv[]) } if (unveil(_PATH_DEVDB, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_DEVDB); if (pledge("stdio rpath", NULL) == -1) err(1, "pledge"); diff --git a/usr.bin/users/users.c b/usr.bin/users/users.c index 07d43771a3a..2d7dc326819 100644 --- a/usr.bin/users/users.c +++ b/usr.bin/users/users.c @@ -1,4 +1,4 @@ -/* $OpenBSD: users.c,v 1.14 2018/08/03 16:02:53 deraadt Exp $ */ +/* $OpenBSD: users.c,v 1.15 2021/07/12 15:09:20 beck Exp $ */ /* $NetBSD: users.c,v 1.5 1994/12/20 15:58:19 jtc Exp $ */ /* @@ -54,7 +54,7 @@ main(int argc, char *argv[]) int ch; if (unveil(_PATH_UTMP, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_UTMP); if (pledge("stdio rpath", NULL) == -1) err(1, "pledge"); diff --git a/usr.bin/vmstat/vmstat.c b/usr.bin/vmstat/vmstat.c index da88fe0e095..4b7123a9445 100644 --- a/usr.bin/vmstat/vmstat.c +++ b/usr.bin/vmstat/vmstat.c @@ -1,5 +1,5 @@ /* $NetBSD: vmstat.c,v 1.29.4.1 1996/06/05 00:21:05 cgd Exp $ */ -/* $OpenBSD: vmstat.c,v 1.150 2019/11/28 16:27:26 guenther Exp $ */ +/* $OpenBSD: vmstat.c,v 1.151 2021/07/12 15:09:20 beck Exp $ */ /* * Copyright (c) 1980, 1986, 1991, 1993 @@ -213,7 +213,7 @@ main(int argc, char *argv[]) } if (unveil("/", "") == -1) - err(1, "unveil"); + err(1, "unveil /"); if (unveil(NULL, NULL) == -1) err(1, "unveil"); diff --git a/usr.bin/wall/wall.c b/usr.bin/wall/wall.c index 9626dc16287..30fcecea645 100644 --- a/usr.bin/wall/wall.c +++ b/usr.bin/wall/wall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: wall.c,v 1.34 2019/01/28 20:17:51 deraadt Exp $ */ +/* $OpenBSD: wall.c,v 1.35 2021/07/12 15:09:20 beck Exp $ */ /* $NetBSD: wall.c,v 1.6 1994/11/17 07:17:58 jtc Exp $ */ /* @@ -116,11 +116,11 @@ main(int argc, char **argv) makemsg(*argv); if (unveil(_PATH_UTMP, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_UTMP); if (unveil(_PATH_DEV, "w") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_DEV); if (unveil(_PATH_DEVDB, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_DEVDB); if (pledge("stdio rpath wpath getpw proc", NULL) == -1) err(1, "pledge"); diff --git a/usr.bin/who/who.c b/usr.bin/who/who.c index a625d440582..c1582a0675e 100644 --- a/usr.bin/who/who.c +++ b/usr.bin/who/who.c @@ -1,4 +1,4 @@ -/* $OpenBSD: who.c,v 1.29 2020/08/27 15:20:31 semarie Exp $ */ +/* $OpenBSD: who.c,v 1.30 2021/07/12 15:09:20 beck Exp $ */ /* $NetBSD: who.c,v 1.4 1994/12/07 04:28:49 jtc Exp $ */ /* @@ -113,7 +113,7 @@ main(int argc, char *argv[]) if (show_quick) { only_current_term = show_term = show_idle = show_labels = 0; } - + if (show_term) hostwidth -= 2; if (show_idle) @@ -123,10 +123,10 @@ main(int argc, char *argv[]) output_labels(); if (unveil(_PATH_UTMP, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_UTMP); if (show_term || show_idle) { if (unveil(_PATH_DEV, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_DEV); } switch (argc) { case 0: /* who */ @@ -138,7 +138,7 @@ main(int argc, char *argv[]) who_am_i(ufp); } else if (show_quick) { int count = 0; - + while (fread((char *)&usr, sizeof(usr), 1, ufp) == 1) { if (*usr.ut_name && *usr.ut_line) { (void)printf("%-*.*s ", NAME_WIDTH, @@ -159,7 +159,7 @@ main(int argc, char *argv[]) break; case 1: /* who utmp_file */ if (unveil(*argv, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", *argv); if (pledge("stdio rpath getpw", NULL) == -1) err(1, "pledge"); ufp = file(*argv); diff --git a/usr.sbin/acme-client/chngproc.c b/usr.sbin/acme-client/chngproc.c index 476daed3416..0cbfaf27c31 100644 --- a/usr.sbin/acme-client/chngproc.c +++ b/usr.sbin/acme-client/chngproc.c @@ -1,4 +1,4 @@ -/* $Id: chngproc.c,v 1.15 2019/08/12 18:01:44 benno Exp $ */ +/* $Id: chngproc.c,v 1.16 2021/07/12 15:09:20 beck Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -38,7 +38,7 @@ chngproc(int netsock, const char *root) if (unveil(root, "wc") == -1) { - warn("unveil"); + warn("unveil %s", root); goto out; } diff --git a/usr.sbin/acme-client/fileproc.c b/usr.sbin/acme-client/fileproc.c index 14fbcadc7b6..b8b8651c319 100644 --- a/usr.sbin/acme-client/fileproc.c +++ b/usr.sbin/acme-client/fileproc.c @@ -1,4 +1,4 @@ -/* $Id: fileproc.c,v 1.17 2021/01/03 16:32:38 florian Exp $ */ +/* $Id: fileproc.c,v 1.18 2021/07/12 15:09:20 beck Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -100,7 +100,7 @@ fileproc(int certsock, const char *certdir, const char *certfile, const char enum fileop op; if (unveil(certdir, "rwc") == -1) { - warn("unveil"); + warn("unveil %s", certdir); goto out; } diff --git a/usr.sbin/acme-client/netproc.c b/usr.sbin/acme-client/netproc.c index 348e38ac9da..2fed5924b19 100644 --- a/usr.sbin/acme-client/netproc.c +++ b/usr.sbin/acme-client/netproc.c @@ -1,4 +1,4 @@ -/* $Id: netproc.c,v 1.29 2020/12/24 08:17:49 florian Exp $ */ +/* $Id: netproc.c,v 1.30 2021/07/12 15:09:20 beck Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -688,7 +688,7 @@ netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int rfd, memset(&c, 0, sizeof(struct conn)); if (unveil(tls_default_ca_cert_file(), "r") == -1) { - warn("unveil"); + warn("unveil %s", tls_default_ca_cert_file()); goto out; } diff --git a/usr.sbin/acpidump/acpidump.c b/usr.sbin/acpidump/acpidump.c index ff10d766445..e08a6edada9 100644 --- a/usr.sbin/acpidump/acpidump.c +++ b/usr.sbin/acpidump/acpidump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: acpidump.c,v 1.23 2019/05/11 19:17:56 lteo Exp $ */ +/* $OpenBSD: acpidump.c,v 1.24 2021/07/12 15:09:20 beck Exp $ */ /* * Copyright (c) 2000 Mitsuru IWASAKI <iwasaki@FreeBSD.org> * All rights reserved. @@ -606,25 +606,25 @@ asl_dump_from_devmem(void) /* Can only unveil if being dumped to a dir */ if (aml_dumpdir) { if (unveil(aml_dumpfile, "wc") == -1) - err(1, "unveil"); + err(1, "unveil %s", aml_dumpfile); } else if (aml_dumpfile[0] == '/') { /* admittedly pretty shitty */ if (unveil("/", "wc") == -1) - err(1, "unveil"); + err(1, "unveil /"); } else { if (unveil(".", "wc") == -1) - err(1, "unveil"); + err(1, "unveil ."); } if (unveil(_PATH_MEM, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_MEM); if (unveil(_PATH_KMEM, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_KMEM); if (unveil(_PATH_KVMDB, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_KVMDB); if (unveil(_PATH_KSYMS, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_KSYMS); if (unveil(_PATH_UNIX, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_UNIX); if (pledge("stdio rpath wpath cpath", NULL) == -1) err(1, "pledge"); diff --git a/usr.sbin/apmd/apmd.c b/usr.sbin/apmd/apmd.c index b4fdf482e05..aaaf6b941b1 100644 --- a/usr.sbin/apmd/apmd.c +++ b/usr.sbin/apmd/apmd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: apmd.c,v 1.105 2021/04/18 23:51:47 jca Exp $ */ +/* $OpenBSD: apmd.c,v 1.106 2021/07/12 15:09:20 beck Exp $ */ /* * Copyright (c) 1995, 1996 John T. Kohl @@ -504,7 +504,7 @@ main(int argc, char *argv[]) exit(0); if (unveil(_PATH_APM_ETC_DIR, "rx") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_APM_ETC_DIR); if (unveil(NULL, NULL) == -1) err(1, "unveil"); diff --git a/usr.sbin/dev_mkdb/dev_mkdb.c b/usr.sbin/dev_mkdb/dev_mkdb.c index 32b15ebb917..9bad52a8463 100644 --- a/usr.sbin/dev_mkdb/dev_mkdb.c +++ b/usr.sbin/dev_mkdb/dev_mkdb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dev_mkdb.c,v 1.17 2018/10/18 14:37:01 deraadt Exp $ */ +/* $OpenBSD: dev_mkdb.c,v 1.18 2021/07/12 15:09:20 beck Exp $ */ /*- * Copyright (c) 1990, 1993 @@ -65,11 +65,11 @@ main(int argc, char *argv[]) (void)snprintf(dbname, sizeof(dbname), "%sdev.db", _PATH_VARRUN); if (unveil(_PATH_DEV, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_DEV); if (unveil(dbtmp, "rwc") == -1) - err(1, "unveil"); + err(1, "unveil %s", dbtmp); if (unveil(dbname, "wc") == -1) - err(1, "unveil"); + err(1, "unveil %s", dbname); if (pledge("stdio rpath wpath cpath flock", NULL) == -1) err(1, "pledge"); diff --git a/usr.sbin/dhcpd/pfutils.c b/usr.sbin/dhcpd/pfutils.c index 38d3e9b60a6..aaa502de20f 100644 --- a/usr.sbin/dhcpd/pfutils.c +++ b/usr.sbin/dhcpd/pfutils.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfutils.c,v 1.21 2019/08/08 06:59:44 mestre Exp $ */ +/* $OpenBSD: pfutils.c,v 1.22 2021/07/12 15:09:20 beck Exp $ */ /* * Copyright (c) 2006 Chris Kuethe <ckuethe@openbsd.org> * @@ -62,7 +62,7 @@ pftable_handler() /* no filesystem visibility */ if (unveil("/", "") == -1) - fatal("unveil"); + fatal("unveil /"); if (unveil(NULL, NULL) == -1) fatal("unveil"); diff --git a/usr.sbin/hotplugd/hotplugd.c b/usr.sbin/hotplugd/hotplugd.c index 9239133c913..9d9aa9647d6 100644 --- a/usr.sbin/hotplugd/hotplugd.c +++ b/usr.sbin/hotplugd/hotplugd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: hotplugd.c,v 1.16 2020/10/15 19:45:50 naddy Exp $ */ +/* $OpenBSD: hotplugd.c,v 1.17 2021/07/12 15:09:21 beck Exp $ */ /* * Copyright (c) 2004 Alexander Yurchenko <grange@openbsd.org> * @@ -77,13 +77,13 @@ main(int argc, char *argv[]) argv += optind; if (argc > 0) usage(); - + if (unveil(device, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", device); if (unveil(_PATH_ETC_HOTPLUG_ATTACH, "rx") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_ETC_HOTPLUG_ATTACH); if (unveil(_PATH_ETC_HOTPLUG_DETACH, "rx") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_ETC_HOTPLUG_DETACH); if (pledge("stdio rpath proc exec", NULL) == -1) err(1, "pledge"); diff --git a/usr.sbin/ifstated/ifstated.c b/usr.sbin/ifstated/ifstated.c index 7d6ba2fae07..621beb0de4a 100644 --- a/usr.sbin/ifstated/ifstated.c +++ b/usr.sbin/ifstated/ifstated.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ifstated.c,v 1.65 2020/12/30 18:40:44 benno Exp $ */ +/* $OpenBSD: ifstated.c,v 1.66 2021/07/12 15:09:21 beck Exp $ */ /* * Copyright (c) 2004 Marco Pfatschbacher <mpf@openbsd.org> @@ -162,9 +162,9 @@ main(int argc, char *argv[]) log_warn("%s: setsockopt tablefilter", __func__); if (unveil(configfile, "r") == -1) - fatal("unveil"); + fatal("unveil %s", configfile); if (unveil(_PATH_BSHELL, "x") == -1) - fatal("unveil"); + fatal("unveil %s", _PATH_BSHELL); if (pledge("stdio rpath route proc exec", NULL) == -1) fatal("pledge"); diff --git a/usr.sbin/iostat/iostat.c b/usr.sbin/iostat/iostat.c index 272c3143f3d..8d32151fe01 100644 --- a/usr.sbin/iostat/iostat.c +++ b/usr.sbin/iostat/iostat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: iostat.c,v 1.43 2020/08/21 01:10:07 kn Exp $ */ +/* $OpenBSD: iostat.c,v 1.44 2021/07/12 15:09:21 beck Exp $ */ /* $NetBSD: iostat.c,v 1.10 1996/10/25 18:21:58 scottr Exp $ */ /* @@ -163,7 +163,7 @@ main(int argc, char *argv[]) dkinit(0); if (unveil("/", "") == -1) - err(1, "unveil"); + err(1, "unveil /"); if (unveil(NULL, NULL) == -1) err(1, "unveil"); diff --git a/usr.sbin/kvm_mkdb/kvm_mkdb.c b/usr.sbin/kvm_mkdb/kvm_mkdb.c index bda0080948e..6c21e17ba1b 100644 --- a/usr.sbin/kvm_mkdb/kvm_mkdb.c +++ b/usr.sbin/kvm_mkdb/kvm_mkdb.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kvm_mkdb.c,v 1.31 2019/06/28 13:32:48 deraadt Exp $ */ +/* $OpenBSD: kvm_mkdb.c,v 1.32 2021/07/12 15:09:21 beck Exp $ */ /*- * Copyright (c) 1990, 1993 @@ -117,15 +117,15 @@ main(int argc, char *argv[]) if (argc > 0) { if (unveil(argv[0], "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", argv[0]); } else { if (unveil(_PATH_UNIX, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_UNIX); if (unveil(_PATH_KSYMS, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_KSYMS); } if (unveil(dbdir, "rwc") == -1) - err(1, "unveil"); + err(1, "unveil %s", dbdir); if (pledge("stdio rpath wpath cpath fattr flock", NULL) == -1) err(1, "pledge"); diff --git a/usr.sbin/ldapd/ldapd.c b/usr.sbin/ldapd/ldapd.c index 19679048f56..165cb10374d 100644 --- a/usr.sbin/ldapd/ldapd.c +++ b/usr.sbin/ldapd/ldapd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ldapd.c,v 1.27 2021/01/27 22:12:28 rob Exp $ */ +/* $OpenBSD: ldapd.c,v 1.28 2021/07/12 15:09:21 beck Exp $ */ /* * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se> @@ -237,15 +237,15 @@ main(int argc, char *argv[]) ldapd_needfd); if (unveil(_PATH_NOLOGIN, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_NOLOGIN); if (unveil(_PATH_LOGIN_CONF, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_LOGIN_CONF); if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1) - err(1, "unveil"); + err(1, "unveil %s.db", _PATH_LOGIN_CONF); if (unveil(_PATH_AUTHPROGDIR, "x") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_AUTHPROGDIR); if (unveil(datadir, "rw") == -1) - err(1, "unveil"); + err(1, "unveil %s", datadir); if (unveil(NULL, NULL) == -1) err(1, "unveil"); diff --git a/usr.sbin/makefs/cd9660.c b/usr.sbin/makefs/cd9660.c index 80e0f8dd3bf..62e0a159992 100644 --- a/usr.sbin/makefs/cd9660.c +++ b/usr.sbin/makefs/cd9660.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cd9660.c,v 1.21 2018/11/20 01:13:14 yasuoka Exp $ */ +/* $OpenBSD: cd9660.c,v 1.22 2021/07/12 15:09:21 beck Exp $ */ /* $NetBSD: cd9660.c,v 1.53 2016/11/25 23:02:44 christos Exp $ */ /* @@ -1975,7 +1975,7 @@ cd9660_add_generic_bootimage(iso9660_disk *diskStructure, const char *bootimage) diskStructure->generic_bootimage = estrdup(bootimage); if (unveil(diskStructure->generic_bootimage, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", diskStructure->generic_bootimage); /* Get information about the file */ if (lstat(diskStructure->generic_bootimage, &stbuf) == -1) err(1, "%s: lstat(\"%s\")", __func__, diff --git a/usr.sbin/makefs/cd9660/cd9660_eltorito.c b/usr.sbin/makefs/cd9660/cd9660_eltorito.c index 1c9b291a8b1..347b596fdc5 100644 --- a/usr.sbin/makefs/cd9660/cd9660_eltorito.c +++ b/usr.sbin/makefs/cd9660/cd9660_eltorito.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cd9660_eltorito.c,v 1.14 2018/11/20 01:13:15 yasuoka Exp $ */ +/* $OpenBSD: cd9660_eltorito.c,v 1.15 2021/07/12 15:09:21 beck Exp $ */ /* $NetBSD: cd9660_eltorito.c,v 1.20 2013/01/28 21:03:28 christos Exp $ */ /* @@ -120,7 +120,7 @@ cd9660_add_boot_disk(iso9660_disk *diskStructure, const char *boot_info) free(temp); if (unveil(new_image->filename, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", new_image->filename); /* Get information about the file */ if (lstat(new_image->filename, &stbuf) == -1) err(1, "%s: lstat(\"%s\")", __func__, new_image->filename); diff --git a/usr.sbin/makefs/makefs.c b/usr.sbin/makefs/makefs.c index 5b8b4ed823b..75e71c8c28b 100644 --- a/usr.sbin/makefs/makefs.c +++ b/usr.sbin/makefs/makefs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: makefs.c,v 1.20 2018/09/24 22:55:50 deraadt Exp $ */ +/* $OpenBSD: makefs.c,v 1.21 2021/07/12 15:09:21 beck Exp $ */ /* $NetBSD: makefs.c,v 1.53 2015/11/27 15:10:32 joerg Exp $ */ /* @@ -199,9 +199,9 @@ main(int argc, char *argv[]) usage(); if (unveil(argv[0], "rwc") == -1) - err(1, "unveil"); + err(1, "unveil %s", argv[0]); if (unveil(argv[1], "rw") == -1) - err(1, "unveil"); + err(1, "unveil %s", argv[1]); if (pledge("stdio rpath wpath cpath", NULL) == -1) err(1, "pledge"); diff --git a/usr.sbin/ntpd/ntpd.c b/usr.sbin/ntpd/ntpd.c index e015d1d0933..134073117cb 100644 --- a/usr.sbin/ntpd/ntpd.c +++ b/usr.sbin/ntpd/ntpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ntpd.c,v 1.129 2020/02/12 19:14:56 otto Exp $ */ +/* $OpenBSD: ntpd.c,v 1.130 2021/07/12 15:09:21 beck Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org> @@ -284,9 +284,9 @@ main(int argc, char *argv[]) * then privdrop into chroot before speaking to the outside world. */ if (unveil(tls_default_ca_cert_file(), "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", tls_default_ca_cert_file()); if (unveil("/usr/sbin/ntpd", "x") == -1) - err(1, "unveil"); + err(1, "unveil /usr/sbin/ntpd"); if (pledge("stdio rpath inet settime proc exec id", NULL) == -1) err(1, "pledge"); diff --git a/usr.sbin/ocspcheck/ocspcheck.c b/usr.sbin/ocspcheck/ocspcheck.c index 50f114f07cf..46e7e666073 100644 --- a/usr.sbin/ocspcheck/ocspcheck.c +++ b/usr.sbin/ocspcheck/ocspcheck.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocspcheck.c,v 1.29 2021/02/09 16:55:51 claudio Exp $ */ +/* $OpenBSD: ocspcheck.c,v 1.30 2021/07/12 15:09:21 beck Exp $ */ /* * Copyright (c) 2017,2020 Bob Beck <beck@openbsd.org> @@ -617,14 +617,14 @@ main(int argc, char **argv) if (cafile != NULL) { if (unveil(cafile, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", cafile); } if (cadir != NULL) { if (unveil(cadir, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", cadir); } if (unveil(certfile, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", certfile); if (pledge("stdio inet rpath dns", NULL) == -1) err(1, "pledge"); diff --git a/usr.sbin/pcidump/pcidump.c b/usr.sbin/pcidump/pcidump.c index b0082a30183..d9820b9dd61 100644 --- a/usr.sbin/pcidump/pcidump.c +++ b/usr.sbin/pcidump/pcidump.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pcidump.c,v 1.64 2021/05/30 02:24:43 jsg Exp $ */ +/* $OpenBSD: pcidump.c,v 1.65 2021/07/12 15:09:21 beck Exp $ */ /* * Copyright (c) 2006, 2007 David Gwynne <loki@animata.net> @@ -191,7 +191,7 @@ main(int argc, char *argv[]) } if (unveil("/dev", "r") == -1) - err(1, "unveil"); + err(1, "unveil /dev"); if (unveil(NULL, NULL) == -1) err(1, "unveil"); diff --git a/usr.sbin/pstat/pstat.c b/usr.sbin/pstat/pstat.c index 04c9e6bcfe5..3918afba16d 100644 --- a/usr.sbin/pstat/pstat.c +++ b/usr.sbin/pstat/pstat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pstat.c,v 1.123 2020/09/28 15:53:13 tb Exp $ */ +/* $OpenBSD: pstat.c,v 1.124 2021/07/12 15:09:21 beck Exp $ */ /* $NetBSD: pstat.c,v 1.27 1996/10/23 22:50:06 cgd Exp $ */ /*- @@ -230,7 +230,7 @@ main(int argc, char *argv[]) } if (unveil(_PATH_DEVDB, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_DEVDB); if (pledge("stdio rpath vminfo", NULL) == -1) err(1, "pledge"); diff --git a/usr.sbin/relayd/relayd.c b/usr.sbin/relayd/relayd.c index 46f31306eab..54e26e646fa 100644 --- a/usr.sbin/relayd/relayd.c +++ b/usr.sbin/relayd/relayd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: relayd.c,v 1.186 2021/01/27 07:21:54 deraadt Exp $ */ +/* $OpenBSD: relayd.c,v 1.187 2021/07/12 15:09:21 beck Exp $ */ /* * Copyright (c) 2007 - 2016 Reyk Floeter <reyk@openbsd.org> @@ -225,7 +225,7 @@ main(int argc, char *argv[]) log_info("startup"); if (unveil("/", "rx") == -1) - err(1, "unveil"); + err(1, "unveil /"); if (unveil(NULL, NULL) == -1) err(1, "unveil"); diff --git a/usr.sbin/sensorsd/sensorsd.c b/usr.sbin/sensorsd/sensorsd.c index 7e06ffb0798..d1322d21bb8 100644 --- a/usr.sbin/sensorsd/sensorsd.c +++ b/usr.sbin/sensorsd/sensorsd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sensorsd.c,v 1.67 2020/07/22 15:33:49 bluhm Exp $ */ +/* $OpenBSD: sensorsd.c,v 1.68 2021/07/12 15:09:21 beck Exp $ */ /* * Copyright (c) 2003 Henning Brauer <henning@openbsd.org> @@ -147,11 +147,11 @@ main(int argc, char *argv[]) chdir("/"); if (unveil(configfile, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", configfile); if (unveil(configdb, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", configdb); if (unveil("/", "x") == -1) - err(1, "unveil"); + err(1, "unveil /"); if (pledge("stdio rpath proc exec", NULL) == -1) err(1, "pledge"); diff --git a/usr.sbin/syslogd/privsep.c b/usr.sbin/syslogd/privsep.c index b523d926ef4..f2e8e3bb72a 100644 --- a/usr.sbin/syslogd/privsep.c +++ b/usr.sbin/syslogd/privsep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: privsep.c,v 1.72 2020/09/16 11:03:36 martijn Exp $ */ +/* $OpenBSD: privsep.c,v 1.73 2021/07/12 15:09:21 beck Exp $ */ /* * Copyright (c) 2003 Anil Madhavapeddy <anil@recoil.org> @@ -185,24 +185,24 @@ priv_exec(char *conf, int numeric, int child, int argc, char *argv[]) errx(1, "unknown user _syslogd"); if (unveil(conf, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", conf); if (unveil(_PATH_UTMP, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_UTMP); if (unveil(_PATH_DEV, "rw") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_DEV); if (unveil(_PATH_LOGPID, "c") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_LOGPID); /* for pipes */ if (unveil(_PATH_BSHELL, "x") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_BSHELL); /* For HUP / re-exec */ if (unveil("/usr/sbin/syslogd", "x") == -1) - err(1, "unveil"); + err(1, "unveil /usr/sbin/syslogd"); if (argv[0][0] == '/') if (unveil(argv[0], "x") == -1) - err(1, "unveil"); + err(1, "unveil %s", argv[0]); if (pledge("stdio unveil rpath wpath cpath dns sendfd id proc exec", NULL) == -1) diff --git a/usr.sbin/tcpdrop/tcpdrop.c b/usr.sbin/tcpdrop/tcpdrop.c index 63d6ea1c1fa..70feea0a995 100644 --- a/usr.sbin/tcpdrop/tcpdrop.c +++ b/usr.sbin/tcpdrop/tcpdrop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tcpdrop.c,v 1.19 2019/11/27 17:49:09 deraadt Exp $ */ +/* $OpenBSD: tcpdrop.c,v 1.20 2021/07/12 15:09:21 beck Exp $ */ /* * Copyright (c) 2004 Markus Friedl <markus@openbsd.org> @@ -65,9 +65,9 @@ main(int argc, char **argv) int gaierr, rval = 0; if (unveil(_PATH_HOSTS, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_HOSTS); if (unveil(_PATH_RESCONF, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_RESCONF); if (unveil(NULL, NULL) == -1) err(1, "unveil"); diff --git a/usr.sbin/tcpdump/privsep.c b/usr.sbin/tcpdump/privsep.c index 2eaaa584482..bb3424d9bca 100644 --- a/usr.sbin/tcpdump/privsep.c +++ b/usr.sbin/tcpdump/privsep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: privsep.c,v 1.55 2020/12/04 11:36:13 mvs Exp $ */ +/* $OpenBSD: privsep.c,v 1.56 2021/07/12 15:09:21 beck Exp $ */ /* * Copyright (c) 2003 Can Erkin Acar @@ -316,9 +316,9 @@ priv_exec(int argc, char *argv[]) drop_privs(1); if (unveil("/etc/ethers", "r") == -1) - err(1, "unveil"); + err(1, "unveil /etc/ethers"); if (unveil("/etc/rpc", "r") == -1) - err(1, "unveil"); + err(1, "unveil /etc/rpc"); if (pledge("stdio rpath dns bpf", NULL) == -1) err(1, "pledge"); diff --git a/usr.sbin/traceroute/traceroute.c b/usr.sbin/traceroute/traceroute.c index e1ae29c4f1d..b0bcd6cdb0b 100644 --- a/usr.sbin/traceroute/traceroute.c +++ b/usr.sbin/traceroute/traceroute.c @@ -1,4 +1,4 @@ -/* $OpenBSD: traceroute.c,v 1.163 2020/02/11 18:41:39 deraadt Exp $ */ +/* $OpenBSD: traceroute.c,v 1.164 2021/07/12 15:09:21 beck Exp $ */ /* $NetBSD: traceroute.c,v 1.10 1995/05/21 15:50:45 mycroft Exp $ */ /* @@ -329,7 +329,7 @@ main(int argc, char *argv[]) /* Cannot pledge due to special setsockopt()s below */ if (unveil("/", "r") == -1) - err(1, "unveil"); + err(1, "unveil /"); if (unveil(NULL, NULL) == -1) err(1, "unveil"); diff --git a/usr.sbin/unbound/smallapp/unbound-anchor.c b/usr.sbin/unbound/smallapp/unbound-anchor.c index f1adc6db561..dbd5f129257 100644 --- a/usr.sbin/unbound/smallapp/unbound-anchor.c +++ b/usr.sbin/unbound/smallapp/unbound-anchor.c @@ -2418,17 +2418,17 @@ int main(int argc, char* argv[]) exit(0); } if (unveil(root_anchor_temppath, "rwc") == -1) - err(1, "unveil"); + err(1, "unveil %s", root_anchor_temppath); free(root_anchor_temppath); free(s); if (unveil(root_cert_file, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", root_cert_file); if (res_conf != NULL && unveil(res_conf, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", res_conf); if (root_hints != NULL && unveil(root_hints, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", root_hints); if (debugconf != NULL && unveil(debugconf, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", debugconf); if (pledge("stdio rpath wpath cpath inet dns", NULL) == -1) err(1, "pledge"); diff --git a/usr.sbin/usbdevs/usbdevs.c b/usr.sbin/usbdevs/usbdevs.c index 67f84982eca..acbe77a5285 100644 --- a/usr.sbin/usbdevs/usbdevs.c +++ b/usr.sbin/usbdevs/usbdevs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: usbdevs.c,v 1.33 2019/12/22 14:02:38 semarie Exp $ */ +/* $OpenBSD: usbdevs.c,v 1.34 2021/07/12 15:09:22 beck Exp $ */ /* $NetBSD: usbdevs.c,v 1.19 2002/02/21 00:34:31 christos Exp $ */ /* @@ -263,7 +263,7 @@ main(int argc, char **argv) usage(); if (unveil("/dev", "r") == -1) - err(1, "unveil"); + err(1, "unveil /dev"); if (unveil(NULL, NULL) == -1) err(1, "unveil"); diff --git a/usr.sbin/vipw/vipw.c b/usr.sbin/vipw/vipw.c index 685a437b73a..d2310dbcef1 100644 --- a/usr.sbin/vipw/vipw.c +++ b/usr.sbin/vipw/vipw.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vipw.c,v 1.24 2019/06/28 13:32:51 deraadt Exp $ */ +/* $OpenBSD: vipw.c,v 1.25 2021/07/12 15:09:22 beck Exp $ */ /* * Copyright (c) 1987, 1993, 1994 @@ -64,13 +64,13 @@ main(int argc, char *argv[]) usage(); if (unveil(_PATH_MASTERPASSWD_LOCK, "rwc") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_MASTERPASSWD_LOCK); if (unveil(_PATH_MASTERPASSWD, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_MASTERPASSWD); if (unveil(_PATH_BSHELL, "x") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_BSHELL); if (unveil(_PATH_PWD_MKDB, "x") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_PWD_MKDB); if (pledge("stdio rpath wpath cpath fattr proc exec", NULL) == -1) err(1, "pledge"); diff --git a/usr.sbin/vmctl/main.c b/usr.sbin/vmctl/main.c index eb1827689f9..0f7e4329a00 100644 --- a/usr.sbin/vmctl/main.c +++ b/usr.sbin/vmctl/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.67 2021/06/28 14:01:38 tb Exp $ */ +/* $OpenBSD: main.c,v 1.68 2021/07/12 15:09:22 beck Exp $ */ /* * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org> @@ -197,7 +197,7 @@ vmmaction(struct parse_result *res) if (ctl_sock == -1) { if (unveil(SOCKET_NAME, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", SOCKET_NAME); if ((ctl_sock = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0)) == -1) err(1, "socket"); @@ -1023,7 +1023,7 @@ ctl_openconsole(const char *name) { closefrom(STDERR_FILENO + 1); if (unveil(VMCTL_CU, "x") == -1) - err(1, "unveil"); + err(1, "unveil %s", VMCTL_CU); execl(VMCTL_CU, VMCTL_CU, "-r", "-l", name, "-s", "115200", (char *)NULL); err(1, "failed to open the console"); |