diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2018-09-24 22:56:55 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2018-09-24 22:56:55 +0000 |
| commit | 098ee89fca7aec2d538dd95f5a6f9e9a19164877 (patch) | |
| tree | f5c814f42a3e7ef3afb5d41b8c8882b936cd7a0c /libexec/comsat | |
| parent | 5ab59e1c67605218050b84b28157fe2a13f13d9b (diff) | |
unveil maildir, utmp, /tmp, and /dev. For the vast number of people
using biff.
Diffstat (limited to 'libexec/comsat')
| -rw-r--r-- | libexec/comsat/comsat.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c index df7283b29ac..3a90d34d94a 100644 --- a/libexec/comsat/comsat.c +++ b/libexec/comsat/comsat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: comsat.c,v 1.48 2017/04/03 17:23:39 tedu Exp $ */ +/* $OpenBSD: comsat.c,v 1.49 2018/09/24 22:56:54 deraadt Exp $ */ /* * Copyright (c) 1980, 1993 @@ -91,6 +91,14 @@ main(int argc, char *argv[]) exit(1); } + if (unveil(_PATH_MAILDIR, "r") == -1) + err(1, "unveil"); + if (unveil(_PATH_UTMP, "r") == -1) + err(1, "unveil"); + if (unveil("/tmp", "w") == -1) + err(1, "unveil"); + if (unveil(_PATH_DEV, "rw") == -1) + err(1, "unveil"); if (pledge("stdio rpath wpath proc tty", NULL) == -1) err(1, "pledge"); |