author kn <kn@cvs.openbsd.org> 2021-03-11 18:12:42 +0000
committer kn <kn@cvs.openbsd.org> 2021-03-11 18:12:42 +0000
commit edc0adae44ef72d1efee0430764604ba67e5a113 (patch)
tree cd0315228b7ae44f66eb69e4f4db522885c742ed /usr.sbin
parent 6064c15d39b23887c7dab99a62ac9ead90f86e21 (diff)
Use unveil(2)
Pledge is not possible due to the ioctls, but as apmd hoists both the control socket and apm device early at startup and only ever possibly executes scripts under /etc/apm/, hiding the rest of the filesystem becomes easy.

Technically, only "x" is required to traverse the directory and run scripts, but apmd carefully access(2) each script, which requires the read bit regardless of the permission bits being tested.

OK mestre
Diffstat (limited to 'usr.sbin')
-rw-r--r-- usr.sbin/apmd/apmd.c 7
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.sbin/apmd/apmd.c b/usr.sbin/apmd/apmd.c
index f5206568959..ae8cef32be8 100644
--- a/usr.sbin/apmd/apmd.c
+++ b/usr.sbin/apmd/apmd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: apmd.c,v 1.99 2020/09/28 21:35:14 jca Exp $ */
+/* $OpenBSD: apmd.c,v 1.100 2021/03/11 18:12:41 kn Exp $ */
/*
* Copyright (c) 1995, 1996 John T. Kohl
@@ -490,6 +490,11 @@ main(int argc, char *argv[])
if (statonly)
exit(0);
+ if (unveil(_PATH_APM_ETC_DIR, "rx") == -1)
+ err(1, "unveil");
+ if (unveil(NULL, NULL) == -1)
+ err(1, "unveil");
+
set_driver_messages(ctl_fd, APM_PRINT_OFF);
kq = kqueue();
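Review bot: the two added err(1, "unveil") calls in main() print the same message, so a failure of the path unveil cannot be told apart from a failure of the unveil(NULL, NULL) lock; consider err(1, "unveil %s", _PATH_APM_ETC_DIR) for the first call and keeping the bare "unveil" for the second. The reason for "rx" rather than "x" (the access(2) check on each script needs the read bit) is recorded only in the commit message; a one-line comment above the unveil(_PATH_APM_ETC_DIR, "rx") call would keep a later reader from tightening it to "x" and breaking script execution. The placement after the statonly exit looks right, since that path leaves before doing any further filesystem work.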