Unveil is used at tail of initialization to allow "r" of /tftpboot

(that decides whether rarpd should reply), and /etc/ethers "r" for
debug reporting.

diff --git a/usr.sbin/rarpd/rarpd.c b/usr.sbin/rarpd/rarpd.c
index c3eeed4..56d9884 100644 (file)
--- a/usr.sbin/rarpd/rarpd.c
+++ b/usr.sbin/rarpd/rarpd.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: rarpd.c,v 1.74 2018/06/01 07:36:13 tb Exp $ */
+/*     $OpenBSD: rarpd.c,v 1.75 2018/08/07 18:39:56 deraadt Exp $ */
 /*     $NetBSD: rarpd.c,v 1.25 1998/04/23 02:48:33 mrg Exp $   */
 
 /*
@@ -95,6 +95,10 @@ int  fflag = 0;              /* don't fork */
 int    lflag = 0;              /* log all replies */
 int    tflag = 0;              /* tftpboot check */
 
+#ifndef TFTP_DIR
+#define TFTP_DIR "/tftpboot"
+#endif
+
 int
 main(int argc, char *argv[])
 {
@@ -334,6 +338,10 @@ rarp_loop(void)
 
        arptab_init();
 
+       if (unveil(TFTP_DIR, "r") == -1)
+               error("unveil");
+       if (unveil("/etc/ethers", "r") == -1)
+               error("unveil");
        if (pledge("stdio rpath dns", NULL) == -1)
                error("pledge");
 
@@ -388,10 +396,6 @@ rarp_loop(void)
        free(pfd);
 }
 
-#ifndef TFTP_DIR
-#define TFTP_DIR "/tftpboot"
-#endif
-
 /*
  * True if this server can boot the host whose IP address is 'addr'.
  * This check is made by looking in the tftp directory for the