diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2018-09-24 21:26:39 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2018-09-24 21:26:39 +0000 |
| commit | e909a9f4cc0da7cac1a29bf4520a45c7a0d71051 (patch) | |
| tree | af2d1aa5d98619ecf3c23197b339e075f1db8b5d /sbin | |
| parent | 4448fbbaceca0b117857a2481280595dcde2ba19 (diff) | |
After opening required descriptors, savecore only plays in one directory
so use unveil(2).
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/savecore/savecore.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sbin/savecore/savecore.c b/sbin/savecore/savecore.c index a96c618c621..8b2a6cf50d0 100644 --- a/sbin/savecore/savecore.c +++ b/sbin/savecore/savecore.c @@ -1,4 +1,4 @@ -/* $OpenBSD: savecore.c,v 1.57 2016/09/01 14:12:07 tedu Exp $ */ +/* $OpenBSD: savecore.c,v 1.58 2018/09/24 21:26:38 deraadt Exp $ */ /* $NetBSD: savecore.c,v 1.26 1996/03/18 21:16:05 leo Exp $ */ /*- @@ -171,6 +171,10 @@ main(int argc, char *argv[]) (void)time(&now); kmem_setup(); + if (unveil(dirn, "rwc") == -1) { + syslog(LOG_ERR, "unveil: %m"); + exit(1); + } if (pledge("stdio rpath wpath cpath", NULL) == -1) { syslog(LOG_ERR, "pledge: %m"); exit(1); |