On Thu, Jul 02, 2020 at 12:39:47PM -0600, Theo de Raadt wrote:
> The unveil("/", "x") is to support command executation:
Of course. Forgot that.
bluhm
Index: usr.sbin/sensorsd/sensorsd.c
===
RCS file:
The unveil("/", "x") is to support command executation:
daemon facility. Optionally, an alert can be configured to execute a
command.
Your proposal breaks that. It will need to be added back.
Alexander Bluhm wrote:
> Hi,
>
> sensorsd(8) reports an unveil failure due to chdir / .
Hi,
sensorsd(8) reports an unveil failure due to chdir / . An additional
"r" permission would be necessary.
- chdir before unveil, do not unveil /
- use absolute config path after chdir, also necessary for SIGHUP
- /etc/sensorsd.conf.db must be unveiled, cgetent(3) tries to open it
ok?
bluhm
