From e666e390b68716c1c314f8cecf1a02bd79ac86f4 Mon Sep 17 00:00:00 2001
From: Ricardo Mestre <mestre@cvs.openbsd.org>
Date: Sat, 30 Nov 2019 14:02:48 +0000
Subject: unveil(2) /dev with read permissions since it's the only directory
 usbdevs(8) will read from

OK kn@
---
 usr.sbin/usbdevs/usbdevs.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/usbdevs/usbdevs.c b/usr.sbin/usbdevs/usbdevs.c
index d41e7ad868a..165f668b527 100644
--- a/usr.sbin/usbdevs/usbdevs.c
+++ b/usr.sbin/usbdevs/usbdevs.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: usbdevs.c,v 1.31 2019/04/14 18:16:19 deraadt Exp $	*/
+/*	$OpenBSD: usbdevs.c,v 1.32 2019/11/30 14:02:47 mestre Exp $	*/
 /*	$NetBSD: usbdevs.c,v 1.19 2002/02/21 00:34:31 christos Exp $	*/
 
 /*
@@ -267,6 +267,11 @@ main(int argc, char **argv)
 	if (argc != 0)
 		usage();
 
+	if (unveil("/dev", "r") == -1)
+		err(1, "unveil");
+	if (unveil(NULL, NULL) == -1)
+		err(1, "unveil");
+
 	if (dev == 0) {
 		for (ncont = 0, i = 0; i < 10; i++) {
 			snprintf(buf, sizeof buf, "%s%d", USBDEV, i);
-- 
cgit v1.2.3