From feba4f1b3c9d316ec15382a0beb08bf21e734627 Mon Sep 17 00:00:00 2001 From: deraadt Date: Fri, 3 Aug 2018 04:47:56 +0000 Subject: [PATCH] The first unveil userland commit! unveil _PATH_LOGIN_CONF (/etc/login.conf) which is used by login_getclass(3) and family before doing password encode. This is the only filename used by the program during runtime, everything else happens on stdin/stdout. --- usr.bin/encrypt/encrypt.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/usr.bin/encrypt/encrypt.c b/usr.bin/encrypt/encrypt.c index 797bf397aa4..48e1d54df57 100644 --- a/usr.bin/encrypt/encrypt.c +++ b/usr.bin/encrypt/encrypt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: encrypt.c,v 1.48 2018/08/03 04:19:34 deraadt Exp $ */ +/* $OpenBSD: encrypt.c,v 1.49 2018/08/03 04:47:56 deraadt Exp $ */ /* * Copyright (c) 1996, Jason Downs. All rights reserved. @@ -95,6 +95,8 @@ main(int argc, char **argv) char *extra = NULL; /* Store login class or number of rounds */ const char *errstr; + if (unveil(_PATH_LOGIN_CONF, "r") == -1) + err(1, "unveil"); if (pledge("stdio rpath tty", NULL) == -1) err(1, "pledge"); -- 2.20.1