Hi,
I've just commited this to unveil vipw, all the tests I've done were
successful and didn't bump into any problems, nevertheless if you get any
troubles because of this, like getting locked out of the machine, please let me
know ASAP!!!!!
Index: vipw.c
===================================================================
RCS file: /cvs/src/usr.sbin/vipw/vipw.c,v
retrieving revision 1.21
diff -u -p -u -r1.21 vipw.c
--- vipw.c 12 Jul 2017 23:10:28 -0000 1.21
+++ vipw.c 25 Sep 2018 14:45:57 -0000
@@ -34,6 +34,7 @@
#include <err.h>
#include <fcntl.h>
+#include <paths.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
@@ -62,6 +63,14 @@ main(int argc, char *argv[])
if (argc != 0)
usage();
+ if (unveil(_PATH_MASTERPASSWD_LOCK, "wc") == -1)
+ err(1, "unveil");
+ if (unveil(_PATH_MASTERPASSWD, "r") == -1)
+ err(1, "unveil");
+ if (unveil(_PATH_BSHELL, "x") == -1)
+ err(1, "unveil");
+ if (unveil(_PATH_PWD_MKDB, "x") == -1)
+ err(1, "unveil");
if (pledge("stdio rpath wpath cpath fattr proc exec", NULL) == -1)
err(1, "pledge");
