From: martijn Date: Thu, 1 Sep 2022 13:24:28 +0000 (+0000) Subject: At the moment unveil(2) doesn't check the path for bind(2) or connect(2). X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=6feeaaf0d669ffc8919e729ab17689d3884f9c72;p=openbsd At the moment unveil(2) doesn't check the path for bind(2) or connect(2). This is about to change and connect(2) will require "w", not "r". OK deraadt@ florian@ mestre@ --- diff --git a/sbin/resolvd/resolvd.c b/sbin/resolvd/resolvd.c index d2fd5d7e7f0..eba39826122 100644 --- a/sbin/resolvd/resolvd.c +++ b/sbin/resolvd/resolvd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: resolvd.c,v 1.26 2022/05/21 13:54:19 deraadt Exp $ */ +/* $OpenBSD: resolvd.c,v 1.27 2022/09/01 13:24:28 martijn Exp $ */ /* * Copyright (c) 2021 Florian Obser * Copyright (c) 2021 Theo de Raadt @@ -223,7 +223,7 @@ main(int argc, char *argv[]) if (unveil(_PATH_RESCONF_NEW, "rwc") == -1) lerr(1, "unveil " _PATH_RESCONF_NEW); #ifndef SMALL - if (unveil(_PATH_UNWIND_SOCKET, "r") == -1) + if (unveil(_PATH_UNWIND_SOCKET, "w") == -1) lerr(1, "unveil " _PATH_UNWIND_SOCKET); #endif