From: deraadt Date: Tue, 7 Aug 2018 18:28:05 +0000 (+0000) Subject: unveil can be used to restrict access to utmp and /dev X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=9b5cd4f05cb6d6032b4a685026cfc7ba8556924b;p=openbsd unveil can be used to restrict access to utmp and /dev --- diff --git a/usr.bin/wall/wall.c b/usr.bin/wall/wall.c index b45c4e6e44b..d07e54c7d23 100644 --- a/usr.bin/wall/wall.c +++ b/usr.bin/wall/wall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: wall.c,v 1.32 2016/08/01 20:30:25 martijn Exp $ */ +/* $OpenBSD: wall.c,v 1.33 2018/08/07 18:28:05 deraadt Exp $ */ /* $NetBSD: wall.c,v 1.6 1994/11/17 07:17:58 jtc Exp $ */ /* @@ -115,6 +115,10 @@ main(int argc, char **argv) makemsg(*argv); + if (unveil(_PATH_UTMP, "r") == -1) + err(1, "unveil"); + if (unveil(_PATH_DEV, "w") == -1) + err(1, "unveil"); if (pledge("stdio rpath wpath getpw proc", NULL) == -1) err(1, "pledge");