Re: unveil spamlogd

2018-10-24 Thread Bob Beck
ok beck@ as well

On Wed, Oct 24, 2018 at 06:13 Todd C. Miller wrote:

> On Wed, 24 Oct 2018 08:05:11 +0100, Ricardo Mestre wrote:
>
> > The only file that spamlogd needs to access after calling pledge is
> > PATH_SPAMD_DB, so unveil it with O_RDWR permissions.
>
> Looks good.  OK millert@
>
>  - todd
>


Re: unveil spamlogd

2018-10-24 Thread Todd C. Miller
On Wed, 24 Oct 2018 08:05:11 +0100, Ricardo Mestre wrote:

> The only file that spamlogd needs to access after calling pledge is
> PATH_SPAMD_DB, so unveil it with O_RDWR permissions.

Looks good.  OK millert@

 - todd



unveil spamlogd

2018-10-24 Thread Ricardo Mestre
Hi,

The only file that spamlogd needs to access after calling pledge is
PATH_SPAMD_DB, so unveil it with O_RDWR permissions.

OK?

Index: spamlogd.c
===
RCS file: /cvs/src/libexec/spamlogd/spamlogd.c,v
retrieving revision 1.27
diff -u -p -u -r1.27 spamlogd.c
--- spamlogd.c  16 Mar 2016 14:47:04 -  1.27
+++ spamlogd.c  24 Oct 2018 07:00:09 -
@@ -375,6 +375,8 @@ main(int argc, char **argv)
openlog_r("spamlogd", LOG_PID | LOG_NDELAY, LOG_DAEMON, );
}
 
+   if (unveil(PATH_SPAMD_DB, "rw") == -1)
+   err(1, "unveil");
if (syncsend) {
if (pledge("stdio rpath wpath inet flock", NULL) == -1)
err(1, "pledge");
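
Review bot: the added unveil(PATH_SPAMD_DB, "rw") call has no comment saying what locks the view afterwards. The pledge() that follows carries no "unveil" promise, so no further unveil() calls are possible once it runs, and a one-line comment above the new call stating that would make the ordering dependency explicit for anyone who later moves or reorders these calls. The "rw" permission string matches the "rpath wpath" promises in the visible pledge (no "cpath", so leaving out "c" is consistent). Since unveil() is placed ahead of the if (syncsend) test, it applies to both branches, and it would be worth confirming that nothing after this point opens any path other than PATH_SPAMD_DB, because such an open will now fail.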