On Tue, Aug 21, 2018 at 09:51:52PM -0700, Carlos Cardenas wrote:
> Patch to unveil vmctl.
>
> Comments/OK?
>
OK reyk btw. paths[0] is an artifact from the old pledge paths argument. semarie@ removed it in -r1.13 of main.c but we both overlooked that paths[2] is not needed anymore and could just be turned into a non-array path variable. Reyk
> +--+
> Carlos
> Index: main.c
> ===================================================================
> RCS file: /home/los/cvs/src/usr.sbin/vmctl/main.c,v
> retrieving revision 1.39
> diff -u -p -r1.39 main.c
> --- main.c 12 Jul 2018 14:53:37 -0000 1.39
> +++ main.c 18 Aug 2018 23:22:39 -0000
> @@ -160,7 +160,7 @@ parse(int argc, char *argv[])
>
> if (!ctl->has_pledge) {
> /* pledge(2) default if command doesn't have its own pledge */
> - if (pledge("stdio rpath exec unix getpw", NULL) == -1)
> + if (pledge("stdio rpath exec unix getpw unveil", NULL) == -1)
> err(1, "pledge");
> }
> if (ctl->main(&res, argc, argv) != 0)
> @@ -185,6 +185,8 @@ vmmaction(struct parse_result *res)
> unsigned int flags;
>
> if (ctl_sock == -1) {
> + if (unveil(SOCKET_NAME, "r") == -1)
> + err(1, "unveil");
> if ((ctl_sock = socket(AF_UNIX,
> SOCK_STREAM|SOCK_CLOEXEC, 0)) == -1)
> err(1, "socket");
> @@ -477,6 +479,10 @@ ctl_create(struct parse_result *res, int
>
> paths[0] = argv[1];
> paths[1] = NULL;
> +
> + if (unveil(paths[0], "rwc") == -1)
> + err(1, "unveil");
> +
> if (pledge("stdio rpath wpath cpath", NULL) == -1)
> err(1, "pledge");
> argc--;
> @@ -759,6 +765,8 @@ __dead void
> ctl_openconsole(const char *name)
> {
> closefrom(STDERR_FILENO + 1);
> + if (unveil(VMCTL_CU, "x") == -1)
> + err(1, "unveil");
> execl(VMCTL_CU, VMCTL_CU, "-l", name, "-s", "115200", (char *)NULL);
> err(1, "failed to open the console");
> }
--
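Review bot: Nothing on the default-pledge path locks the unveil list: the promise string in parse() now keeps "unveil" for the rest of the run, and none of the visible hunks drops it again, so the process can still unveil further paths after the control socket has been exposed. Once the last path a command needs has been unveiled, I would lock the list with `if (unveil(NULL, NULL) == -1) err(1, "unveil");` or re-pledge without "unveil". The lock has to come after the point where ctl_openconsole can still be reached, since that function unveils VMCTL_CU itself. Code outside the hunks may already do this, so please confirm before changing anything.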
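Review bot: The `"r"` permission given to unveil() for SOCKET_NAME in vmmaction should be checked against what connect(2) needs: connecting to a UNIX-domain socket requires write access to the socket path, so a read-only unveil may be refused depending on how the kernel maps connect onto unveil permissions, in which case this wants `"w"` or `"rw"`. Separately, `err(1, "unveil")` does not say which path was refused, and the same message is used in ctl_create and ctl_openconsole; `err(1, "unveil %s", SOCKET_NAME)` here, with the matching path at the other two call sites, makes a denied path identifiable from the error output. vmmaction's body starts and ends outside the hunk.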
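Review bot: The call order in ctl_create is what makes this hunk work and deserves a comment, because the pledge() that follows omits "unveil" from its promises and therefore also freezes the unveil list. I would add `/* unveil before pledge: the promises below drop "unveil", which locks the list */` above the new unveil() call so a later reordering does not silently break it. The function starts and ends outside the hunk.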