author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2019-11-27 17:49:10 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2019-11-27 17:49:10 +0000 |
commit | 7da25acdf9eff8df0a91528dd6c6660833a654fa (patch) | |
tree | 2ee34533549125348129e68ef50bba314e5e031c | |
parent | 009ad2bc01a6adf57f7d7db01a16a67babc5485a (diff) |
use _PATH_ names for unveil if possible
-rw-r--r-- | sbin/dhclient/dhclient.c | 4 | ||||
-rw-r--r-- | sbin/ifconfig/ifconfig.c | 9 | ||||
-rw-r--r-- | sbin/pflogd/privsep.c | 10 | ||||
-rw-r--r-- | usr.sbin/tcpdrop/tcpdrop.c | 7 |
4 files changed, 17 insertions, 13 deletions
diff --git a/sbin/dhclient/dhclient.c b/sbin/dhclient/dhclient.c
index 4d870a3adcc..221acd47ecc 100644
--- a/sbin/dhclient/dhclient.c
+++ b/sbin/dhclient/dhclient.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dhclient.c,v 1.654 2019/11/22 22:45:52 krw Exp $ */
+/* $OpenBSD: dhclient.c,v 1.655 2019/11/27 17:49:09 deraadt Exp $ */
 /*
 * Copyright 2004 Henning Brauer <henning@openbsd.org>
@@ -2310,7 +2310,7 @@ fork_privchld(struct interface_info *ifi, int fd, int fd2)
 if ((routefd = socket(AF_ROUTE, SOCK_RAW, 0)) == -1)
 fatal("socket(AF_ROUTE, SOCK_RAW)");
- if (unveil("/etc/resolv.conf", "wc") == -1)
+ if (unveil(_PATH_RESCONF, "wc") == -1)
 fatal("unveil");
 if (unveil("/etc/resolv.conf.tail", "r") == -1)
 fatal("unveil");
diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c
index 2ebb9b014cd..2350c2d5770 100644
--- a/sbin/ifconfig/ifconfig.c
+++ b/sbin/ifconfig/ifconfig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ifconfig.c,v 1.414 2019/10/24 18:54:10 bluhm Exp $ */
+/* $OpenBSD: ifconfig.c,v 1.415 2019/11/27 17:49:09 deraadt Exp $ */
 /* $NetBSD: ifconfig.c,v 1.40 1997/10/01 02:19:43 enami Exp $ */
 /*
@@ -103,6 +103,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <limits.h>
+#include <resolv.h>
 #include <util.h>
 #include <ifaddrs.h>
@@ -785,11 +786,11 @@ main(int argc, char *argv[])
 }
 if (!found_rulefile) {
- if (unveil("/etc/resolv.conf", "r") == -1)
+ if (unveil(_PATH_RESCONF, "r") == -1)
 err(1, "unveil");
- if (unveil("/etc/hosts", "r") == -1)
+ if (unveil(_PATH_HOSTS, "r") == -1)
 err(1, "unveil");
- if (unveil("/etc/services", "r") == -1)
+ if (unveil(_PATH_SERVICES, "r") == -1)
 err(1, "unveil");
 if (unveil(NULL, NULL) == -1)
 err(1, "unveil");
diff --git a/sbin/pflogd/privsep.c b/sbin/pflogd/privsep.c
index 36cc0395f1d..a1c109005cf 100644
--- a/sbin/pflogd/privsep.c
+++ b/sbin/pflogd/privsep.c
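Review bot: In sbin/dhclient/dhclient.c (the fork_privchld hunk) a refused unveil still ends in a bare `fatal("unveil")`, and both calls in the hunk print that same string, so the log cannot say which path was rejected. With the path now available as a macro it can be named directly: `fatal("unveil %s", _PATH_RESCONF);`, assuming fatal() takes a format string the way err(3) does. The same holds for every `err(1, "unveil")` in the ifconfig.c, pflogd/privsep.c and tcpdrop.c hunks, e.g. `err(1, "unveil %s", _PATH_HOSTS);`. fork_privchld begins and continues outside this hunk.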
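Review bot: In sbin/ifconfig/ifconfig.c the `if (!found_rulefile)` block does not say why exactly these three files are unveiled; a one-line comment above the first call, such as `/* files libc reads for host and service name lookups */`, would tell a maintainer what stops working if an entry is dropped (the purpose is inferred from the macro names, so confirm it). _PATH_HOSTS and _PATH_SERVICES are defined by `<netdb.h>`, yet this file's include hunk adds only `<resolv.h>`, whereas pflogd/privsep.c adds both headers. ifconfig.c and tcpdrop.c therefore rely on a `<netdb.h>` include that lies outside the visible hunks. main() starts and ends outside this hunk.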
@@ -1,4 +1,4 @@
-/* $OpenBSD: privsep.c,v 1.33 2019/06/28 13:32:45 deraadt Exp $ */
+/* $OpenBSD: privsep.c,v 1.34 2019/11/27 17:49:09 deraadt Exp $ */
 /*
 * Copyright (c) 2003 Can Erkin Acar
@@ -37,6 +37,8 @@
 #include <string.h>
 #include <syslog.h>
 #include <unistd.h>
+#include <netdb.h>
+#include <resolv.h>
 #include "pflogd.h"
 enum cmd_types {
@@ -131,11 +133,11 @@ priv_init(int Pflag, int argc, char *argv[])
 setproctitle("[priv]");
- if (unveil("/etc/resolv.conf", "r") == -1)
+ if (unveil(_PATH_RESCONF, "r") == -1)
 err(1, "unveil");
- if (unveil("/etc/hosts", "r") == -1)
+ if (unveil(_PATH_HOSTS, "r") == -1)
 err(1, "unveil");
- if (unveil("/etc/services", "r") == -1)
+ if (unveil(_PATH_SERVICES, "r") == -1)
 err(1, "unveil");
 if (unveil("/dev/bpf", "r") == -1)
 err(1, "unveil");
diff --git a/usr.sbin/tcpdrop/tcpdrop.c b/usr.sbin/tcpdrop/tcpdrop.c
index 2156076d477..63d6ea1c1fa 100644
--- a/usr.sbin/tcpdrop/tcpdrop.c
+++ b/usr.sbin/tcpdrop/tcpdrop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tcpdrop.c,v 1.18 2018/11/08 07:14:37 mestre Exp $ */
+/* $OpenBSD: tcpdrop.c,v 1.19 2019/11/27 17:49:09 deraadt Exp $ */
 /*
 * Copyright (c) 2004 Markus Friedl <markus@openbsd.org>
@@ -32,6 +32,7 @@
 #include <string.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <resolv.h>
 __dead void usage(void);
@@ -63,9 +64,9 @@ main(int argc, char **argv)
 struct tcp_ident_mapping tir;
 int gaierr, rval = 0;
- if (unveil("/etc/hosts", "r") == -1)
+ if (unveil(_PATH_HOSTS, "r") == -1)
 err(1, "unveil");
- if (unveil("/etc/resolv.conf", "r") == -1)
+ if (unveil(_PATH_RESCONF, "r") == -1)
 err(1, "unveil");
 if (unveil(NULL, NULL) == -1)
 err(1, "unveil"); |