lockspool only plays with files in _PATH_MAILDIR, so unveil that path. · openbsd/src@3f17513

Commit

lockspool only plays with files in _PATH_MAILDIR, so unveil that path.

deraadt committed Aug 8, 2018

1 parent bd685d1 commit 3f17513

libexec/lockspool/lockspool.c

-Original file line number
+Diff line change
@@ -1,4 +1,4 @@
-    /*	$OpenBSD: lockspool.c,v 1.18 2015/11/24 00:19:29 deraadt Exp $	*/
+    /*	$OpenBSD: lockspool.c,v 1.19 2018/08/08 22:59:33 deraadt Exp $	*/
     /*
      * Copyright (c) 1998 Theo de Raadt <deraadt@theos.com>
@@ Expand Down Expand Up / @@ -32,6 +32,7 @@ @@
     #include <unistd.h>
     #include <errno.h>
     #include <stdio.h>
+    #include <paths.h>
     #include <stdlib.h>
     #include <poll.h>
     #include <err.h>
@@ Expand All / @@ -52,6 +53,8 @@ main(int argc, char *argv[]) @@
     	char *from, c;
     	int holdfd;
+    	if (unveil(_PATH_MAILDIR, "rwc") == -1)
+    		err(1, "unveil");
     	if (pledge("stdio rpath wpath getpw cpath fattr", NULL) == -1)
     		err(1, "pledge");
@@ Expand Down @@

Please sign in to comment.