this one's better
- use the correct unveil pattern, pointed out by brynet@
- argv[0] vs. argv[i], pointed out by Matthew Martin and Mario Campos
diff --git ifconfig.c ifconfig.c
index 9bfb1751aab..20154059394 100644
--- ifconfig.c
+++ ifconfig.c
@@ -676,10 +676,15 @@ main(int argc, char *argv[])
int create = 0;
int Cflag = 0;
int gflag = 0;
+ int found_rulefile = 0;
int i;
/* If no args at all, print all interfaces. */
if (argc < 2) {
+ if (unveil("/", "") == -1)
+ err(1, "unveil");
+ if (unveil(NULL, NULL) == -1)
+ err(1, "unveil");
aflag = 1;
printif(NULL, 0);
return (0);
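Review bot: Both new `err(1, "unveil")` calls in the `argc < 2` branch print the same message, so a failure does not say which of the two calls failed; `err(1, "unveil /")` on the first would distinguish them. A one-line comment above the pair, such as `/* listing interfaces needs no filesystem access */`, would record the intent. The same four lines appear again in the second hunk, so a small static helper would keep the two copies from drifting apart. main starts and ends outside the hunk.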
@@ -721,6 +726,21 @@ main(int argc, char *argv[])
} else if (strlcpy(name, *argv, sizeof(name)) >= IFNAMSIZ)
errx(1, "interface name '%s' too long", *argv);
argc--, argv++;
+
+ for (i = 0; i < argc; i++) {
+ if (strcmp(argv[i], "rulefile") == 0) {
+ found_rulefile = 1;
+ break;
+ }
+ }
+
+ if (!found_rulefile) {
+ if (unveil("/", "") == -1)
+ err(1, "unveil");
+ if (unveil(NULL, NULL) == -1)
+ err(1, "unveil");
+ }
+
if (argc > 0) {
for (afp = rafp = afs; rafp->af_name; rafp++)
if (strcmp(rafp->af_name, *argv) == 0) {
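Review bot: When any argument equals "rulefile" the `if (!found_rulefile)` branch is skipped and the process runs with no unveil at all, so that invocation keeps full filesystem visibility; the scan also matches the word when it is only the value of some other keyword, so the restriction fails open. Presumably the file name follows the keyword, in which case a narrower `unveil(argv[i + 1], "r")` (after checking `i + 1 < argc`) before the lock would keep that path restricted too; confirm against the rulefile parser, which is outside this hunk. Separately, `unveil("/", "")` hides every path, so if later address parsing resolves host names it could no longer read files such as /etc/hosts or /etc/resolv.conf; this is worth testing with a host-name argument. A short comment above the loop, e.g. `/* rulefile opens a user-supplied path, so the lock is skipped */`, would record why the scan exists. main's body continues outside the hunk.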
--
I'm not entirely sure you are real.