From: jmatthew <jmatthew@openbsd.org>
Date: Wed, 15 Dec 2021 11:36:40 +0000 (+0000)
Subject: ldapd always uses O_CREAT when reopening database files, so the database
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=819d16466cc38c08fd362905605028b4ad9eea25;p=openbsd

ldapd always uses O_CREAT when reopening database files, so the database
directory must be unveiled with "rwc" rather than just "rw".

ok deraadt@ mestre@
---

diff --git a/usr.sbin/ldapd/ldapd.c b/usr.sbin/ldapd/ldapd.c
index 0bb6a59b674..34a098f6ab8 100644
--- a/usr.sbin/ldapd/ldapd.c
+++ b/usr.sbin/ldapd/ldapd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ldapd.c,v 1.30 2021/12/15 04:00:15 deraadt Exp $ */
+/*	$OpenBSD: ldapd.c,v 1.31 2021/12/15 11:36:40 jmatthew Exp $ */
 
 /*
  * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se>
@@ -243,7 +243,7 @@ main(int argc, char *argv[])
 		err(1, "unveil %s.db", _PATH_LOGIN_CONF);
 	if (unveil(_PATH_AUTHPROGDIR, "x") == -1)
 		err(1, "unveil %s", _PATH_AUTHPROGDIR);
-	if (unveil(datadir, "rw") == -1)
+	if (unveil(datadir, "rwc") == -1)
 		err(1, "unveil %s", datadir);
 	if (unveil(NULL, NULL) == -1)
 		err(1, "unveil");