From 2ecd7ab272f0c2b4cac9dc5cd9ee62f2a798370e Mon Sep 17 00:00:00 2001
From: kn
Date: Thu, 11 Mar 2021 18:12:41 +0000
Subject: [PATCH] Use unveil(2)

Pledge is not possible due to the ioctls, but as apmd hoists both the control socket and apm device early at startup and only ever possibly executes scripts under /etc/apm/, hiding the rest of the filesystem becomes easy.

Technically, only "x" is required to traverse the directory and run scripts, but apmd carefully access(2) each script, which requires the read bit regardless of the permission bits being tested.

OK mestre
---
 usr.sbin/apmd/apmd.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/usr.sbin/apmd/apmd.c b/usr.sbin/apmd/apmd.c
index f5206568959..ae8cef32be8 100644
--- a/usr.sbin/apmd/apmd.c
+++ b/usr.sbin/apmd/apmd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: apmd.c,v 1.99 2020/09/28 21:35:14 jca Exp $ */
+/* $OpenBSD: apmd.c,v 1.100 2021/03/11 18:12:41 kn Exp $ */
 
 /*
  * Copyright (c) 1995, 1996 John T. Kohl
@@ -490,6 +490,11 @@ main(int argc, char *argv[])
 	if (statonly)
 		exit(0);
 
+	if (unveil(_PATH_APM_ETC_DIR, "rx") == -1)
+		err(1, "unveil");
+	if (unveil(NULL, NULL) == -1)
+		err(1, "unveil");
+
 	set_driver_messages(ctl_fd, APM_PRINT_OFF);
 
 	kq = kqueue();
-- 
2.20.1
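Review bot: The reason the script directory is unveiled with "rx" rather than the minimal "x" is recorded only in the commit message, so the first `unveil()` call in the second hunk deserves a comment that keeps it with the code, e.g. `/* "r" as well as "x": each script is access(2)-checked before it is run, and that needs read visibility */` (the access(2) caller is outside this hunk, so verify the wording against it). Both failure paths print the same bare "unveil" string; `err(1, "unveil %s", _PATH_APM_ETC_DIR)` on the first call tells an operator which of the two calls failed without reading the source. Because the scripts are run by children forked after this point, they start under the same restricted view; if unveil state is retained across execve(2) (confirm against unveil(2) for this release), anything the scripts or their interpreter need outside /etc/apm/ would need its own unveil, or a comment stating that this was considered. main() begins and ends outside the hunk.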