On Fri, Mar 20, 2020 at 08:39:10PM +0100, [email protected] wrote:
> commit 5ee8c07e7e3e601fce49fbc2b170227924be3804
> Author:     Laslo Hunhold <[email protected]>
> AuthorDate: Fri Mar 20 20:35:34 2020 +0100
> Commit:     Laslo Hunhold <[email protected]>
> CommitDate: Fri Mar 20 20:35:34 2020 +0100
> 
>     Fix unveil(2) usage
>     
>     Thanks to the feedback by z0lqLA! I forgot that unveil(NULL, NULL)
>     only locks further unveil calls when there has been at least _one_ prior
>     call to unveil!
>     
>     To fix this, we reorder the calls and also make sure to call unveil()
>     before we disallow unveils via pledge.
>     
>     Signed-off-by: Laslo Hunhold <[email protected]>
> 
> diff --git a/main.c b/main.c
> index c1ff489..eab952d 100644
> --- a/main.c
> +++ b/main.c
> @@ -387,10 +387,13 @@ main(int argc, char *argv[])
>               exit(0);
>       default:
>               /* limit ourselves even further while we are waiting */
> -             eunveil(NULL, NULL);
>               if (udsname) {
> +                     eunveil(udsname, "c");
> +                     eunveil(NULL, NULL);
>                       epledge("stdio cpath", NULL);
>               } else {
> +                     eunveil("/", "");
> +                     eunveil(NULL, NULL);
>                       epledge("stdio", NULL);
>               }
>  
> 
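Review bot: the eunveil("/", "") call in the else branch needs a comment, because on its face it reads as unveiling the root directory. The commit message explains that it is there only so that at least one unveil call precedes eunveil(NULL, NULL), and that reasoning should sit next to the call rather than only in the log. The existing comment "limit ourselves even further while we are waiting" does not mention the ordering requirement, nor why the udsname branch pairs the "c" permission on the socket path with the "cpath" promise, so a later cleanup could reorder or drop these calls without noticing what they guard.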

Hi,

The eunveil(NULL, NULL) lines are not needed here, because pledge is called
right after without the "unveil" promise (but it doesn't really matter except
saving 2 lines).

From the unveil(2) man page:

     "After establishing a collection of path and permissions rules, future
     calls to unveil() can be disabled by passing two NULL arguments.
     Alternatively, pledge(2) may be used to remove the "unveil" promise."

-- 
Kind regards,
Hiltjo
