add missing unveil(2) of an arbitrary kernel (when -N is used), or _PATH_UNIX by

default, with read permissions.

report and fix provided by semarie@
OK deraadt@

1 files changed, 5 insertions, 1 deletions

diff --git a/sbin/savecore/savecore.c b/sbin/savecore/savecore.c
index 8b2a6cf50d0..53257574006 100644
--- a/sbin/savecore/savecore.c
+++ b/sbin/savecore/savecore.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: savecore.c,v 1.58 2018/09/24 21:26:38 deraadt Exp $	*/
+/*	$OpenBSD: savecore.c,v 1.59 2018/09/28 14:03:14 mestre Exp $	*/
 /*	$NetBSD: savecore.c,v 1.26 1996/03/18 21:16:05 leo Exp $	*/
 
 /*-
@@ -175,6 +175,10 @@ main(int argc, char *argv[])
 		syslog(LOG_ERR, "unveil: %m");
 		exit(1);
 	}
+	if (unveil(kernel ? kernel : _PATH_UNIX, "r") == -1) {
+		syslog(LOG_ERR, "unveil: %m");
+		exit(1);
+	}
 	if (pledge("stdio rpath wpath cpath", NULL) == -1) {
 		syslog(LOG_ERR, "pledge: %m");
 		exit(1);