author | Ricardo Mestre <mestre@cvs.openbsd.org> | 2022-02-21 19:49:47 +0000 |
---|---|---|
committer | Ricardo Mestre <mestre@cvs.openbsd.org> | 2022-02-21 19:49:47 +0000 |
commit | cfa9c20b5cfd72c95b9d86a5a7bb55742f97f89d (patch) | |
tree | 2153b74d100dec655bb7756685372ea84e373653 /libexec/rpc.rusersd | |
parent | faa7a3fc312f34443d3586ec58161c4d87a96fe5 (diff) |
unveil(2) "/dev" read-only instead of using chroot(2)/chdir(2). after calling
the latter the program then also calls stat(2) and therefore it never actually
worked correctly since they were added almost 20 years ago.
while here remove an implementation detail from the manpage which covered the
chroot part.
pointed out by and ok deraadt@
Diffstat (limited to 'libexec/rpc.rusersd')
-rw-r--r-- | libexec/rpc.rusersd/rpc.rusersd.8 | 16 | ||||
-rw-r--r-- | libexec/rpc.rusersd/rusersd.c | 8 |
2 files changed, 7 insertions, 17 deletions
diff --git a/libexec/rpc.rusersd/rpc.rusersd.8 b/libexec/rpc.rusersd/rpc.rusersd.8 index 541278a40f2..4f1e6b120c0 100644 --- a/libexec/rpc.rusersd/rpc.rusersd.8 +++ b/libexec/rpc.rusersd/rpc.rusersd.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: rpc.rusersd.8,v 1.8 2015/12/01 20:27:06 tim Exp $ +.\" $OpenBSD: rpc.rusersd.8,v 1.9 2022/02/21 19:49:46 mestre Exp $ .\" .\" Copyright (c) 1985, 1991 The Regents of the University of California. .\" All rights reserved. @@ -27,9 +27,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: rpc.rusersd.8,v 1.8 2015/12/01 20:27:06 tim Exp $ +.\" $Id: rpc.rusersd.8,v 1.9 2022/02/21 19:49:46 mestre Exp $ .\" -.Dd $Mdocdate: December 1 2015 $ +.Dd $Mdocdate: February 21 2022 $ .Dt RPC.RUSERSD 8 .Os .Sh NAME @@ -41,16 +41,6 @@ .Nm rpc.rusersd is a server which returns information about users currently logged in to the system. -At startup, -.Nm -opens -.Pa /var/run/utmp -and subsequently performs a -.Xr chroot 2 -to -.Pa /var/empty -and switches to user -.Va _rusersd . .Pp The currently logged in users are queried using the .Xr rusers 1 diff --git a/libexec/rpc.rusersd/rusersd.c b/libexec/rpc.rusersd/rusersd.c index 6b28bb5c581..9b4eff0a8a1 100644 --- a/libexec/rpc.rusersd/rusersd.c +++ b/libexec/rpc.rusersd/rusersd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rusersd.c,v 1.21 2019/06/28 13:32:53 deraadt Exp $ */ +/* $OpenBSD: rusersd.c,v 1.22 2022/02/21 19:49:46 mestre Exp $ */ /*- * Copyright (c) 1993 John Brezak @@ -80,11 +80,11 @@ main(int argc, char *argv[]) syslog(LOG_ERR, "no such user _rusersd"); exit(1); } - if (chroot("/var/empty") == -1) { - syslog(LOG_ERR, "cannot chdir to /var/empty."); + + if (unveil("/dev", "r") == -1) { + syslog(LOG_ERR, "unveil /dev"); exit(1); } - chdir("/"); setgroups(1, &pw->pw_gid); setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid); |
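Review bot: Nothing in the rusersd.c hunk locks the unveil set after `unveil("/dev", "r")`, so until a later `unveil(NULL, NULL)` or a pledge(2) call without the "unveil" promise the process can still unveil further paths. main() continues outside the hunk, so confirm that one of those runs before any RPC request is served. With the chroot gone, filesystem containment rests on that lock and on the privilege drop that follows, whose `setgroups`/`setresgid` results are not checked in the context lines. The new error path also drops errno; `syslog(LOG_ERR, "unveil /dev: %m");` would record why the call failed.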