From: claudio Date: Tue, 23 Feb 2021 14:25:29 +0000 (+0000) Subject: Adjust pledge() and unveil() calls for proc_rsync() a bit. Since the X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=69190818ab10e8b38d2fcde13b320e2524689cca;p=openbsd Adjust pledge() and unveil() calls for proc_rsync() a bit. Since the mkdir was moved to the main process there is no need for access to . in the rsync process. OK job@ deraadt@ --- diff --git a/usr.sbin/rpki-client/main.c b/usr.sbin/rpki-client/main.c index 19a8fd02274..a22e042f3b4 100644 --- a/usr.sbin/rpki-client/main.c +++ b/usr.sbin/rpki-client/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.104 2021/02/22 09:46:05 claudio Exp $ */ +/* $OpenBSD: main.c,v 1.105 2021/02/23 14:25:29 claudio Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -941,8 +941,7 @@ main(int argc, char *argv[]) if (fchdir(cachefd) == -1) err(1, "fchdir"); - if (pledge("stdio rpath cpath proc exec unveil", NULL) - == -1) + if (pledge("stdio rpath proc exec unveil", NULL) == -1) err(1, "pledge"); proc_rsync(rsync_prog, bind_addr, fd[0]); diff --git a/usr.sbin/rpki-client/rsync.c b/usr.sbin/rpki-client/rsync.c index 1f00a6ee596..2497b50335b 100644 --- a/usr.sbin/rpki-client/rsync.c +++ b/usr.sbin/rpki-client/rsync.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsync.c,v 1.18 2021/02/19 08:14:49 claudio Exp $ */ +/* $OpenBSD: rsync.c,v 1.19 2021/02/23 14:25:29 claudio Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -160,13 +160,6 @@ proc_rsync(char *prog, char *bind_addr, int fd) } else if (unveil(prog, "x") == -1) err(1, "%s: unveil", prog); - /* Unveil the repository directory and terminate unveiling. */ - - if (unveil(".", "c") == -1) - err(1, "unveil"); - if (unveil(NULL, NULL) == -1) - err(1, "unveil"); - if (pledge("stdio proc exec", NULL) == -1) err(1, "pledge");