summaryrefslogtreecommitdiff
path: root/usr.sbin
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>2018-08-07 18:39:57 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2018-08-07 18:39:57 +0000
commit1c23e48616582e6da667ccebaf123452520a1876 (patch)
treeac76fd47b7c338d9c77fe0360ddafbecb6b15aab /usr.sbin
parentf374f46d7eb56470288686a96d8ab16a1385b6ae (diff)
Unveil is used at tail of initialization to allow "r" of /tftpboot
(that decides whether rarpd should reply), and /etc/ethers "r" for debug reporting.
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/rarpd/rarpd.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/usr.sbin/rarpd/rarpd.c b/usr.sbin/rarpd/rarpd.c
index c3eeed4bff7..56d98844420 100644
--- a/usr.sbin/rarpd/rarpd.c
+++ b/usr.sbin/rarpd/rarpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rarpd.c,v 1.74 2018/06/01 07:36:13 tb Exp $ */
+/* $OpenBSD: rarpd.c,v 1.75 2018/08/07 18:39:56 deraadt Exp $ */
/* $NetBSD: rarpd.c,v 1.25 1998/04/23 02:48:33 mrg Exp $ */
/*
@@ -95,6 +95,10 @@ int fflag = 0; /* don't fork */
int lflag = 0; /* log all replies */
int tflag = 0; /* tftpboot check */
+#ifndef TFTP_DIR
+#define TFTP_DIR "/tftpboot"
+#endif
+
int
main(int argc, char *argv[])
{
@@ -334,6 +338,10 @@ rarp_loop(void)
arptab_init();
+ if (unveil(TFTP_DIR, "r") == -1)
+ error("unveil");
+ if (unveil("/etc/ethers", "r") == -1)
+ error("unveil");
if (pledge("stdio rpath dns", NULL) == -1)
error("pledge");
@@ -388,10 +396,6 @@ rarp_loop(void)
free(pfd);
}
-#ifndef TFTP_DIR
-#define TFTP_DIR "/tftpboot"
-#endif
-
/*
* True if this server can boot the host whose IP address is 'addr'.
* This check is made by looking in the tftp directory for the