From: florian <florian@openbsd.org>
Date: Fri, 16 Aug 2024 16:00:30 +0000 (+0000)
Subject: Add pledge & unveil.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=5b1c629843a1385acb9b52fab5c1511797a7f61d;p=openbsd

Add pledge & unveil.

The rpc library needs read access to the rpc database in
/etc/rpc. Other than that rpcinfo only uses AF_INET sockets.

With -b, rpcinfo(8) uses gethostbyaddr(3) to report hosts that
responded, so add "dns" pledge as well.

OK bluhm, miod
---

diff --git a/usr.bin/rpcinfo/rpcinfo.c b/usr.bin/rpcinfo/rpcinfo.c
index f55eabcad3e..c407170cc52 100644
--- a/usr.bin/rpcinfo/rpcinfo.c
+++ b/usr.bin/rpcinfo/rpcinfo.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rpcinfo.c,v 1.18 2024/08/12 06:19:24 florian Exp $	*/
+/*	$OpenBSD: rpcinfo.c,v 1.19 2024/08/16 16:00:30 florian Exp $	*/
 
 /*
  * Copyright (c) 2010, Oracle America, Inc.
@@ -50,6 +50,7 @@
 #include <errno.h>
 #include <limits.h>
 #include <arpa/inet.h>
+#include <err.h>
 
 #define MAXHOSTLEN 256
 
@@ -94,6 +95,15 @@ main(int argc, char *argv[])
 	function = NONE;
 	portnum = 0;
 	errflg = 0;
+
+	if (unveil("/etc/rpc", "r") == -1)
+		err(1, "unveil /");
+	if (unveil(NULL, NULL) == -1)
+		err(1, "unveil");
+
+	if (pledge("stdio inet dns rpath", NULL) == -1)
+		err(1, "pledge");
+
 	while ((c = getopt(argc, argv, "ptubdsn:")) != -1) {
 		switch (c) {