diff options
author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2018-08-03 15:14:19 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2018-08-03 15:14:19 +0000 |
commit | ae285e6ea31ad6db6290fd20f1fb9e7bd4d9f6b8 (patch) | |
tree | aed8736d489b42987e7484e1c9096d1aab55e503 /libexec/fingerd/fingerd.c | |
parent | fb34fecf551492642fb8a3ee1800eaa0ca5553eb (diff) |
Move pledge to after getopt, when the finger program becomes known
(defaults to /usr/bin/finger, but can be redefined with -P option).
Then unveil that program for "x" (execution), and pledge as before.
No other filesystem accesses occur after that point.
Diffstat (limited to 'libexec/fingerd/fingerd.c')
-rw-r--r-- | libexec/fingerd/fingerd.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/libexec/fingerd/fingerd.c b/libexec/fingerd/fingerd.c index e93effce434..647b6f57cbc 100644 --- a/libexec/fingerd/fingerd.c +++ b/libexec/fingerd/fingerd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: fingerd.c,v 1.39 2015/11/13 01:26:33 deraadt Exp $ */ +/* $OpenBSD: fingerd.c,v 1.40 2018/08/03 15:14:18 deraadt Exp $ */ /* * Copyright (c) 1983, 1993 @@ -68,9 +68,6 @@ main(int argc, char *argv[]) char **ap, *av[ENTRIES + 1], line[8192], *lp, *hname; char hostbuf[HOST_NAME_MAX+1]; - if (pledge("stdio inet dns proc exec", NULL) == -1) - err(1, "pledge"); - prog = _PATH_FINGER; logging = secure = user_required = short_list = 0; openlog("fingerd", LOG_PID, LOG_DAEMON); @@ -111,6 +108,11 @@ main(int argc, char *argv[]) usage(); } + if (unveil(prog, "x") == -1) + err(1, "unveil"); + if (pledge("stdio inet dns proc exec", NULL) == -1) + err(1, "pledge"); + if (logging) { struct sockaddr_storage ss; struct sockaddr *sa; |