restrict all filesystem access with unveil(2).

hid_start(3) opens `table' through libusbhid, then usbhidctl(1) itself opens
`dev', after that it's just performing ioctls on the fd left opened by the
latter so all fs access can be disabled.

diff --git a/usr.bin/usbhidctl/usbhid.c b/usr.bin/usbhidctl/usbhid.c
index 25cc61b..1560bb3 100644 (file)
--- a/usr.bin/usbhidctl/usbhid.c
+++ b/usr.bin/usbhidctl/usbhid.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: usbhid.c,v 1.17 2021/05/31 18:30:11 jcs Exp $ */
+/*     $OpenBSD: usbhid.c,v 1.18 2021/12/15 11:21:35 mestre Exp $      */
 /*      $NetBSD: usbhid.c,v 1.22 2002/02/20 20:30:42 christos Exp $ */
 
 /*
@@ -941,6 +941,11 @@ main(int argc, char **argv)
        if (hidfd == -1)
                err(1, "%s", dev);
 
+       if (unveil("/", "") == -1)
+               err(1, "unveil /");
+       if (unveil(NULL, NULL) == -1)
+               err(1, "unveil");
+
        if (ioctl(hidfd, USB_GET_REPORT_ID, &reportid) == -1)
                reportid = -1;
        if (verbose > 1)