diff options
| author | Ricardo Mestre <mestre@cvs.openbsd.org> | 2018-10-25 06:42:36 +0000 |
|---|---|---|
| committer | Ricardo Mestre <mestre@cvs.openbsd.org> | 2018-10-25 06:42:36 +0000 |
| commit | c3fb12f2dd4c9db09f8eda57895d60e5e2d695f1 (patch) | |
| tree | 7257771d5a4ed3efdc46ec5279bf514d1abe9ea6 /libexec | |
| parent | f68bd1f9b8f6c6f35c21b398e4302ca27a5ab3bc (diff) | |
When spamd(8) runs in greylist mode in the parent process (which runs
greywatcher()) we know that the only files that it will ever access are
PATH_SPAMD_DB in rw mode, alloweddomains_file in r and that it will need to
execute PATH_PFCTL so we can unveil(2) them with those permissions.
OK deraadt@ millert@ beck@
Diffstat (limited to 'libexec')
| -rw-r--r-- | libexec/spamd/grey.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/libexec/spamd/grey.c b/libexec/spamd/grey.c index c75d0dad2f5..582e9a34587 100644 --- a/libexec/spamd/grey.c +++ b/libexec/spamd/grey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: grey.c,v 1.65 2017/10/18 17:31:01 millert Exp $ */ +/* $OpenBSD: grey.c,v 1.66 2018/10/25 06:42:35 mestre Exp $ */ /* * Copyright (c) 2004-2006 Bob Beck. All rights reserved. @@ -1078,6 +1078,18 @@ greywatcher(void) drop_privs(); + if (unveil(PATH_SPAMD_DB, "rw") == -1) { + syslog_r(LOG_ERR, &sdata, "unveil failed (%m)"); + exit(1); + } + if (unveil(alloweddomains_file, "r") == -1) { + syslog_r(LOG_ERR, &sdata, "unveil failed (%m)"); + exit(1); + } + if (unveil(PATH_PFCTL, "x") == -1) { + syslog_r(LOG_ERR, &sdata, "unveil failed (%m)"); + exit(1); + } if (pledge("stdio rpath wpath inet flock proc exec", NULL) == -1) { syslog_r(LOG_ERR, &sdata, "pledge failed (%m)"); exit(1); |