summaryrefslogtreecommitdiff
path: root/libexec/fingerd/fingerd.c
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>2018-08-03 15:14:19 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2018-08-03 15:14:19 +0000
commitae285e6ea31ad6db6290fd20f1fb9e7bd4d9f6b8 (patch)
treeaed8736d489b42987e7484e1c9096d1aab55e503 /libexec/fingerd/fingerd.c
parentfb34fecf551492642fb8a3ee1800eaa0ca5553eb (diff)
Move pledge to after getopt, when the finger program becomes known
(defaults to /usr/bin/finger, but can be redefined with -P option). Then unveil that program for "x" (execution), and pledge as before. No other filesystem accesses occur after that point.
Diffstat (limited to 'libexec/fingerd/fingerd.c')
-rw-r--r--libexec/fingerd/fingerd.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/libexec/fingerd/fingerd.c b/libexec/fingerd/fingerd.c
index e93effce434..647b6f57cbc 100644
--- a/libexec/fingerd/fingerd.c
+++ b/libexec/fingerd/fingerd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: fingerd.c,v 1.39 2015/11/13 01:26:33 deraadt Exp $ */
+/* $OpenBSD: fingerd.c,v 1.40 2018/08/03 15:14:18 deraadt Exp $ */
/*
* Copyright (c) 1983, 1993
@@ -68,9 +68,6 @@ main(int argc, char *argv[])
char **ap, *av[ENTRIES + 1], line[8192], *lp, *hname;
char hostbuf[HOST_NAME_MAX+1];
- if (pledge("stdio inet dns proc exec", NULL) == -1)
- err(1, "pledge");
-
prog = _PATH_FINGER;
logging = secure = user_required = short_list = 0;
openlog("fingerd", LOG_PID, LOG_DAEMON);
@@ -111,6 +108,11 @@ main(int argc, char *argv[])
usage();
}
+ if (unveil(prog, "x") == -1)
+ err(1, "unveil");
+ if (pledge("stdio inet dns proc exec", NULL) == -1)
+ err(1, "pledge");
+
if (logging) {
struct sockaddr_storage ss;
struct sockaddr *sa;