From 4f02b01474717da73c3f0a97aeaad808766d71e9 Mon Sep 17 00:00:00 2001
From: deraadt
Date: Tue, 7 Aug 2018 18:39:56 +0000
Subject: [PATCH] Unveil is used at tail of initialization to allow "r" of /tftpboot (that decides whether rarpd should reply), and /etc/ethers "r" for debug reporting.
---
 usr.sbin/rarpd/rarpd.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/usr.sbin/rarpd/rarpd.c b/usr.sbin/rarpd/rarpd.c
index c3eeed4bff7..56d98844420 100644
--- a/usr.sbin/rarpd/rarpd.c
+++ b/usr.sbin/rarpd/rarpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rarpd.c,v 1.74 2018/06/01 07:36:13 tb Exp $ */
+/* $OpenBSD: rarpd.c,v 1.75 2018/08/07 18:39:56 deraadt Exp $ */
 /* $NetBSD: rarpd.c,v 1.25 1998/04/23 02:48:33 mrg Exp $ */
 /*
@@ -95,6 +95,10 @@ int fflag = 0; /* don't fork */
 int lflag = 0; /* log all replies */
 int tflag = 0; /* tftpboot check */
+#ifndef TFTP_DIR
+#define TFTP_DIR "/tftpboot"
+#endif
+
 int main(int argc, char *argv[]) {
@@ -334,6 +338,10 @@ rarp_loop(void)
 arptab_init();
+ if (unveil(TFTP_DIR, "r") == -1)
+ error("unveil");
+ if (unveil("/etc/ethers", "r") == -1)
+ error("unveil");
 if (pledge("stdio rpath dns", NULL) == -1)
 error("pledge");
@@ -388,10 +396,6 @@ rarp_loop(void)
 free(pfd);
 }
-#ifndef TFTP_DIR
-#define TFTP_DIR "/tftpboot"
-#endif
-
 /*
 * True if this server can boot the host whose IP address is 'addr'.
 * This check is made by looking in the tftp directory for the
-- 
2.20.1
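Review bot: Both new unveil() failure paths in rarp_loop() report the identical string `error("unveil")`, so a log entry cannot say whether TFTP_DIR or /etc/ethers was the path that failed. Naming the path would fix that, e.g. `error("unveil " TFTP_DIR);` and `error("unveil /etc/ethers");`, assuming error() takes a plain message as it does in the lines shown. The ordering also deserves a comment above the first call, such as `/* unveil before pledge: the promise list has no "unveil", so the filesystem view is locked from here on */`, so a later edit does not move or extend the pledge() call without noticing the dependency. If TFTP_DIR is only read when tflag is set (its comment says "tftpboot check", but the use is outside this hunk), the first unveil() could be made conditional on tflag to narrow the view further. rarp_loop() begins and ends outside the hunk, so the rest of its setup is not visible here.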