author | Ricardo Mestre <mestre@cvs.openbsd.org> | 2021-12-15 11:21:36 +0000 |
---|---|---|
committer | Ricardo Mestre <mestre@cvs.openbsd.org> | 2021-12-15 11:21:36 +0000 |
commit | a465cf181dfdbde446720500bac36bb4f8e3883b (patch) | |
tree | 476ffd39fc5d224b483f7c78fe8d691025a315d6 /usr.bin | |
parent | 8a5a58fe755f4289737f2695ee0506b80c8eed5c (diff) |
restrict all filesystem access with unveil(2).
hid_start(3) opens `table' through libusbhid, then usbhidctl(1) itself opens
`dev', after that it's just performing ioctls on the fd left opened by the
latter so all fs access can be disabled.
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/usbhidctl/usbhid.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.bin/usbhidctl/usbhid.c b/usr.bin/usbhidctl/usbhid.c index 25cc61bdf93..1560bb365d4 100644 --- a/usr.bin/usbhidctl/usbhid.c +++ b/usr.bin/usbhidctl/usbhid.c @@ -1,4 +1,4 @@ -/* $OpenBSD: usbhid.c,v 1.17 2021/05/31 18:30:11 jcs Exp $ */ +/* $OpenBSD: usbhid.c,v 1.18 2021/12/15 11:21:35 mestre Exp $ */ /* $NetBSD: usbhid.c,v 1.22 2002/02/20 20:30:42 christos Exp $ */ /* @@ -941,6 +941,11 @@ main(int argc, char **argv) if (hidfd == -1) err(1, "%s", dev); + if (unveil("/", "") == -1) + err(1, "unveil /"); + if (unveil(NULL, NULL) == -1) + err(1, "unveil"); + if (ioctl(hidfd, USB_GET_REPORT_ID, &reportid) == -1) reportid = -1; if (verbose > 1) |
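Review bot: In the main() hunk at line 941, the only context visible before the new unveil calls is the `hidfd == -1` check for `dev`. The hid_start(3) load of `table` that the commit message relies on is not shown, so please confirm it runs before this point. Once `unveil("/", "")` and `unveil(NULL, NULL)` have executed, any later open of the table would fail. A one-line comment above the unveil calls stating that both `table` and `dev` are already open and that only ioctls on hidfd follow would keep that ordering requirement visible to anyone who later moves code in main().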