commit 5ee8c07e7e3e601fce49fbc2b170227924be3804
Author: Laslo Hunhold <[email protected]>
AuthorDate: Fri Mar 20 20:35:34 2020 +0100
Commit: Laslo Hunhold <[email protected]>
CommitDate: Fri Mar 20 20:35:34 2020 +0100
Fix unveil(2) usage
Thanks to the feedback by z0lqLA! I forgot that unveil(NULL, NULL)
only locks further unveil calls when there has been at least _one_ prior
call to unveil!
To fix this, we reorder the calls and also make sure to call unveil()
before we disallow unveils via pledge.
Signed-off-by: Laslo Hunhold <[email protected]>
diff --git a/main.c b/main.c
index c1ff489..eab952d 100644
--- a/main.c
+++ b/main.c
@@ -387,10 +387,13 @@ main(int argc, char *argv[])
exit(0);
default:
/* limit ourselves even further while we are waiting */
- eunveil(NULL, NULL);
if (udsname) {
+ eunveil(udsname, "c");
+ eunveil(NULL, NULL);
epledge("stdio cpath", NULL);
} else {
+ eunveil("/", "");
+ eunveil(NULL, NULL);
epledge("stdio", NULL);
}
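Review bot: The ordering constraint this fix relies on is recorded only in the commit message, so the `default:` branch should state it in a comment; otherwise a later cleanup could reintroduce the bug. I would extend the existing comment with something like `/* unveil(NULL, NULL) only locks after at least one prior unveil() call, and all unveil calls must precede the pledge, which drops the "unveil" promise */`. The `eunveil("/", "")` in the else branch looks like a no-op or a mistake to a reader, so it deserves its own line such as `/* unveil "/" with no permissions so the following lock actually takes effect */`. Likewise, a short note on why the socket path needs `"c"` (presumably so the socket file can be removed on shutdown; that code is not visible here) would tie the unveil permission to the `cpath` promise. main() starts and ends outside this hunk.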