From: deraadt <deraadt@openbsd.org>
Date: Fri, 3 Aug 2018 04:47:56 +0000 (+0000)
Subject: The first unveil userland commit!
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=feba4f1b3c9d316ec15382a0beb08bf21e734627;p=openbsd

The first unveil userland commit!

unveil _PATH_LOGIN_CONF (/etc/login.conf) which is used by
login_getclass(3) and family before doing password encode.  This
is the only filename used by the program during runtime, everything
else happens on stdin/stdout.
---

diff --git a/usr.bin/encrypt/encrypt.c b/usr.bin/encrypt/encrypt.c
index 797bf397aa4..48e1d54df57 100644
--- a/usr.bin/encrypt/encrypt.c
+++ b/usr.bin/encrypt/encrypt.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: encrypt.c,v 1.48 2018/08/03 04:19:34 deraadt Exp $	*/
+/*	$OpenBSD: encrypt.c,v 1.49 2018/08/03 04:47:56 deraadt Exp $	*/
 
 /*
  * Copyright (c) 1996, Jason Downs.  All rights reserved.
@@ -95,6 +95,8 @@ main(int argc, char **argv)
 	char *extra = NULL;	/* Store login class or number of rounds */
 	const char *errstr;
 
+	if (unveil(_PATH_LOGIN_CONF, "r") == -1)
+		err(1, "unveil");
 	if (pledge("stdio rpath tty", NULL) == -1)
 		err(1, "pledge");