Unveil /tftpboot only if needed

Unless -t is used, this directory is not accessed in any way.

OK millert

diff --git a/usr.sbin/rarpd/rarpd.c b/usr.sbin/rarpd/rarpd.c
index fbb0b95..8810394 100644 (file)
--- a/usr.sbin/rarpd/rarpd.c
+++ b/usr.sbin/rarpd/rarpd.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: rarpd.c,v 1.79 2021/11/15 15:14:24 millert Exp $ */
+/*     $OpenBSD: rarpd.c,v 1.80 2022/10/04 07:01:38 kn Exp $ */
 /*     $NetBSD: rarpd.c,v 1.25 1998/04/23 02:48:33 mrg Exp $   */
 
 /*
@@ -339,8 +339,9 @@ rarp_loop(void)
 
        arptab_init();
 
-       if (unveil(TFTP_DIR, "r") == -1)
-               error("unveil %s", TFTP_DIR);
+       if (tflag)
+               if (unveil(TFTP_DIR, "r") == -1)
+                       error("unveil %s", TFTP_DIR);
        if (unveil("/etc/ethers", "r") == -1)
                error("unveil /etc/ethers");
        if (pledge("stdio rpath dns", NULL) == -1)