From 6699d7aa933586aec134420cb1ee36038497e9c0 Mon Sep 17 00:00:00 2001 From: robert Date: Thu, 10 Feb 2022 13:06:46 +0000 Subject: [PATCH] unveil _PATH_LOGIN_CONF_D --- usr.bin/doas/doas.c | 4 +++- usr.bin/encrypt/encrypt.c | 4 +++- usr.bin/passwd/local_passwd.c | 4 +++- usr.bin/su/su.c | 4 +++- usr.sbin/ldapd/ldapd.c | 4 +++- 5 files changed, 15 insertions(+), 5 deletions(-) diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c index 0172e0c1cf7..673ebd0927b 100644 --- a/usr.bin/doas/doas.c +++ b/usr.bin/doas/doas.c @@ -1,4 +1,4 @@ -/* $OpenBSD: doas.c,v 1.93 2021/11/30 20:08:15 tobias Exp $ */ +/* $OpenBSD: doas.c,v 1.94 2022/02/10 13:06:46 robert Exp $ */ /* * Copyright (c) 2015 Ted Unangst * @@ -434,6 +434,8 @@ main(int argc, char **argv) err(1, "unveil %s", _PATH_LOGIN_CONF); if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1) err(1, "unveil %s.db", _PATH_LOGIN_CONF); + if (unveil(_PATH_LOGIN_CONF_D, "r") == -1) + err(1, "unveil %s", _PATH_LOGIN_CONF_D); if (rule->cmd) { if (setenv("PATH", safepath, 1) == -1) err(1, "failed to set PATH '%s'", safepath); diff --git a/usr.bin/encrypt/encrypt.c b/usr.bin/encrypt/encrypt.c index 04ea7c5b98f..9aa418fa7f7 100644 --- a/usr.bin/encrypt/encrypt.c +++ b/usr.bin/encrypt/encrypt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: encrypt.c,v 1.51 2021/07/12 15:09:19 beck Exp $ */ +/* $OpenBSD: encrypt.c,v 1.52 2022/02/10 13:06:46 robert Exp $ */ /* * Copyright (c) 1996, Jason Downs. All rights reserved. @@ -99,6 +99,8 @@ main(int argc, char **argv) err(1, "unveil %s", _PATH_LOGIN_CONF); if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1) err(1, "unveil %s.db", _PATH_LOGIN_CONF); + if (unveil(_PATH_LOGIN_CONF_D, "r") == -1) + err(1, "unveil %s", _PATH_LOGIN_CONF_D); if (pledge("stdio rpath tty", NULL) == -1) err(1, "pledge"); diff --git a/usr.bin/passwd/local_passwd.c b/usr.bin/passwd/local_passwd.c index 32b4de55486..2cd0c73b874 100644 --- a/usr.bin/passwd/local_passwd.c +++ b/usr.bin/passwd/local_passwd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: local_passwd.c,v 1.62 2021/10/24 21:24:17 deraadt Exp $ */ +/* $OpenBSD: local_passwd.c,v 1.63 2022/02/10 13:06:46 robert Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. @@ -80,6 +80,8 @@ local_passwd(char *uname, int authenticated) err(1, "unveil %s", _PATH_LOGIN_CONF); if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1) err(1, "unveil %s.db", _PATH_LOGIN_CONF); + if (unveil(_PATH_LOGIN_CONF_D, "r") == -1) + err(1, "unveil %s", _PATH_LOGIN_CONF_D); if (unveil(_PATH_BSHELL, "x") == -1) err(1, "unveil %s", _PATH_BSHELL); if (unveil(_PATH_SHELLS, "r") == -1) diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c index f9fb2c0ac88..f87e6690835 100644 --- a/usr.bin/su/su.c +++ b/usr.bin/su/su.c @@ -1,4 +1,4 @@ -/* $OpenBSD: su.c,v 1.84 2021/07/12 15:09:20 beck Exp $ */ +/* $OpenBSD: su.c,v 1.85 2022/02/10 13:06:46 robert Exp $ */ /* * Copyright (c) 1988 The Regents of the University of California. @@ -164,6 +164,8 @@ main(int argc, char **argv) err(1, "unveil %s", _PATH_LOGIN_CONF); if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1) err(1, "unveil %s.db", _PATH_LOGIN_CONF); + if (unveil(_PATH_LOGIN_CONF_D, "r") == -1) + err(1, "unveil %s", _PATH_LOGIN_CONF_D); if (unveil(_PATH_AUTHPROGDIR, "x") == -1) err(1, "unveil %s", _PATH_AUTHPROGDIR); if (unveil(_PATH_SHELLS, "r") == -1) diff --git a/usr.sbin/ldapd/ldapd.c b/usr.sbin/ldapd/ldapd.c index 34a098f6ab8..d5713cc6de9 100644 --- a/usr.sbin/ldapd/ldapd.c +++ b/usr.sbin/ldapd/ldapd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ldapd.c,v 1.31 2021/12/15 11:36:40 jmatthew Exp $ */ +/* $OpenBSD: ldapd.c,v 1.32 2022/02/10 13:06:46 robert Exp $ */ /* * Copyright (c) 2009, 2010 Martin Hedenfalk @@ -241,6 +241,8 @@ main(int argc, char *argv[]) err(1, "unveil %s", _PATH_LOGIN_CONF); if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1) err(1, "unveil %s.db", _PATH_LOGIN_CONF); + if (unveil(_PATH_LOGIN_CONF_D, "r") == -1) + err(1, "unveil %s", _PATH_LOGIN_CONF_D); if (unveil(_PATH_AUTHPROGDIR, "x") == -1) err(1, "unveil %s", _PATH_AUTHPROGDIR); if (unveil(datadir, "rwc") == -1) -- 2.20.1