diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2018-08-08 22:59:34 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2018-08-08 22:59:34 +0000 |
| commit | 79c1e983a5afdc9af61f455cd00f964772cde4be (patch) | |
| tree | dfe710464210d04efee3136bf893e9636e00b4b0 | |
| parent | e4393ab244affe735e4e09831723de9ddb8b418d (diff) | |
lockspool only plays with files in _PATH_MAILDIR, so unveil that path.
| -rw-r--r-- | libexec/lockspool/lockspool.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/libexec/lockspool/lockspool.c b/libexec/lockspool/lockspool.c index 4192929f47f..6f21c08b100 100644 --- a/libexec/lockspool/lockspool.c +++ b/libexec/lockspool/lockspool.c @@ -1,4 +1,4 @@ -/* $OpenBSD: lockspool.c,v 1.18 2015/11/24 00:19:29 deraadt Exp $ */ +/* $OpenBSD: lockspool.c,v 1.19 2018/08/08 22:59:33 deraadt Exp $ */ /* * Copyright (c) 1998 Theo de Raadt <deraadt@theos.com> @@ -32,6 +32,7 @@ #include <unistd.h> #include <errno.h> #include <stdio.h> +#include <paths.h> #include <stdlib.h> #include <poll.h> #include <err.h> @@ -52,6 +53,8 @@ main(int argc, char *argv[]) char *from, c; int holdfd; + if (unveil(_PATH_MAILDIR, "rwc") == -1) + err(1, "unveil"); if (pledge("stdio rpath wpath getpw cpath fattr", NULL) == -1) err(1, "pledge"); |