diff options
| author | Ricardo Mestre <mestre@cvs.openbsd.org> | 2018-10-25 06:41:51 +0000 |
|---|---|---|
| committer | Ricardo Mestre <mestre@cvs.openbsd.org> | 2018-10-25 06:41:51 +0000 |
| commit | f68bd1f9b8f6c6f35c21b398e4302ca27a5ab3bc (patch) | |
| tree | 9cbc9659ae02db545b8f757c90b894dd3670f2db /libexec | |
| parent | 2166e8b5232305cdffabfea0996c374248f77cbe (diff) | |
The only file that spamlogd(8) needs to access after calling pledge(2) is
PATH_SPAMD_DB, so unveil(2) it with O_RDWR permissions.
OK millert@ beck@
Diffstat (limited to 'libexec')
| -rw-r--r-- | libexec/spamlogd/spamlogd.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/libexec/spamlogd/spamlogd.c b/libexec/spamlogd/spamlogd.c index beba9116187..0eaf7aa8652 100644 --- a/libexec/spamlogd/spamlogd.c +++ b/libexec/spamlogd/spamlogd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: spamlogd.c,v 1.27 2016/03/16 14:47:04 mestre Exp $ */ +/* $OpenBSD: spamlogd.c,v 1.28 2018/10/25 06:41:50 mestre Exp $ */ /* * Copyright (c) 2006 Henning Brauer <henning@openbsd.org> @@ -375,6 +375,8 @@ main(int argc, char **argv) openlog_r("spamlogd", LOG_PID | LOG_NDELAY, LOG_DAEMON, &sdata); } + if (unveil(PATH_SPAMD_DB, "rw") == -1) + err(1, "unveil"); if (syncsend) { if (pledge("stdio rpath wpath inet flock", NULL) == -1) err(1, "pledge"); |