Unveil the special files needed for reading AML tables, and the

directory for placement.  We can only protect the directory case,
since the file_prefix+sig+id case is too large to enumerate.

1 files changed, 18 insertions, 11 deletions

diff --git a/usr.sbin/acpidump/acpidump.c b/usr.sbin/acpidump/acpidump.c
index 35e2cf92b3a..507f05181e0 100644
--- a/usr.sbin/acpidump/acpidump.c
+++ b/usr.sbin/acpidump/acpidump.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: acpidump.c,v 1.20 2018/08/03 15:29:51 deraadt Exp $	*/
+/*	$OpenBSD: acpidump.c,v 1.21 2018/08/08 18:46:04 deraadt Exp $	*/
 /*
  * Copyright (c) 2000 Mitsuru IWASAKI <iwasaki@FreeBSD.org>
  * All rights reserved.
@@ -606,20 +606,27 @@ asl_dump_from_devmem(void)
 	if (aml_dumpdir) {
 		if (unveil(aml_dumpfile, "wc") == -1)
 			err(1, "unveil");
-		if (unveil(_PATH_MEM, "r") == -1)
+	} else if (aml_dumpfile[0] == '/') {	/* admittedly pretty shitty */
+		if (unveil("/", "wc") == -1)
 			err(1, "unveil");
-		if (unveil(_PATH_KMEM, "r") == -1)
-			err(1, "unveil");
-		if (unveil(_PATH_KVMDB, "r") == -1)
-			err(1, "unveil");
-		if (unveil(_PATH_KSYMS, "r") == -1)
-			err(1, "unveil");
-		if (unveil(_PATH_UNIX, "r") == -1)
+	} else {
+		if (unveil(".", "wc") == -1)
 			err(1, "unveil");
-		if (pledge("stdio rpath wpath cpath", NULL) == -1)
-			err(1, "pledge");
 	}
 
+	if (unveil(_PATH_MEM, "r") == -1)
+		err(1, "unveil");
+	if (unveil(_PATH_KMEM, "r") == -1)
+		err(1, "unveil");
+	if (unveil(_PATH_KVMDB, "r") == -1)
+		err(1, "unveil");
+	if (unveil(_PATH_KSYMS, "r") == -1)
+		err(1, "unveil");
+	if (unveil(_PATH_UNIX, "r") == -1)
+		err(1, "unveil");
+	if (pledge("stdio rpath wpath cpath", NULL) == -1)
+		err(1, "pledge");
+
 	rp = acpi_find_rsd_ptr();
 	if (!rp)
 		errx(1, "Can't find ACPI information");