artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b00f338) | patch
restrict filesystem access with unveil(2).
authormestre <mestre@openbsd.org>
Wed, 15 Dec 2021 11:23:09 +0000 (11:23 +0000)
committermestre <mestre@openbsd.org>
Wed, 15 Dec 2021 11:23:09 +0000 (11:23 +0000)
commit03319b45cc1f3277359a819df3ba0f4199cab101
treea972cd6a304687caed9815fe779825ac7ef04d55tree | snapshot
parentb00f338989dc039b32121c9fd6c7d64b6b69bd13commit | diff
restrict filesystem access with unveil(2).

this one opens the default table file "/usr/share/misc/usb_hid_usages" through
hid_start(3) from libusbhid, then `dev' (will be the fd used on the ioctls)
and finally `conf' which is the file with the actions to be monitored. `conf'
needs to be unveil(2)ed with read perms since usbhidaction(1) can run as daemon
and this file will be re-read if a SIGHUP is catched.

looks good deraadt@
usr.bin/usbhidaction/usbhidaction.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim