diff options
author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2018-08-07 18:39:57 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2018-08-07 18:39:57 +0000 |
commit | 1c23e48616582e6da667ccebaf123452520a1876 (patch) | |
tree | ac76fd47b7c338d9c77fe0360ddafbecb6b15aab /usr.sbin | |
parent | f374f46d7eb56470288686a96d8ab16a1385b6ae (diff) |
Unveil is used at tail of initialization to allow "r" of /tftpboot
(that decides whether rarpd should reply), and /etc/ethers "r" for
debug reporting.
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/rarpd/rarpd.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/usr.sbin/rarpd/rarpd.c b/usr.sbin/rarpd/rarpd.c index c3eeed4bff7..56d98844420 100644 --- a/usr.sbin/rarpd/rarpd.c +++ b/usr.sbin/rarpd/rarpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rarpd.c,v 1.74 2018/06/01 07:36:13 tb Exp $ */ +/* $OpenBSD: rarpd.c,v 1.75 2018/08/07 18:39:56 deraadt Exp $ */ /* $NetBSD: rarpd.c,v 1.25 1998/04/23 02:48:33 mrg Exp $ */ /* @@ -95,6 +95,10 @@ int fflag = 0; /* don't fork */ int lflag = 0; /* log all replies */ int tflag = 0; /* tftpboot check */ +#ifndef TFTP_DIR +#define TFTP_DIR "/tftpboot" +#endif + int main(int argc, char *argv[]) { @@ -334,6 +338,10 @@ rarp_loop(void) arptab_init(); + if (unveil(TFTP_DIR, "r") == -1) + error("unveil"); + if (unveil("/etc/ethers", "r") == -1) + error("unveil"); if (pledge("stdio rpath dns", NULL) == -1) error("pledge"); @@ -388,10 +396,6 @@ rarp_loop(void) free(pfd); } -#ifndef TFTP_DIR -#define TFTP_DIR "/tftpboot" -#endif - /* * True if this server can boot the host whose IP address is 'addr'. * This check is made by looking in the tftp directory for the |