Hi,
The diff below unveils passwd with exactly the same ones used on vipw, the only
difference is that in this case _PATH_BSHELL is used to spawn an external
passwordcheck program (if defined in /etc/login.conf) instead of an EDITOR.
Tested by changing my users' passwords back and forth several times, but if you
want to test this please backup your /etc/master.passwd first otherwise it may
eat your kittens!
OK?
Index: local_passwd.c
===================================================================
RCS file: /cvs/src/usr.bin/passwd/local_passwd.c,v
retrieving revision 1.53
diff -u -p -u -r1.53 local_passwd.c
--- local_passwd.c 30 Dec 2016 23:32:14 -0000 1.53
+++ local_passwd.c 24 Oct 2018 09:18:44 -0000
@@ -36,6 +36,7 @@
#include <err.h>
#include <errno.h>
#include <fcntl.h>
+#include <paths.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
@@ -71,6 +72,14 @@ local_passwd(char *uname, int authentica
return(1);
}
+ if (unveil(_PATH_MASTERPASSWD_LOCK, "wc") == -1)
+ err(1, "unveil");
+ if (unveil(_PATH_MASTERPASSWD, "r") == -1)
+ err(1, "unveil");
+ if (unveil(_PATH_BSHELL, "x") == -1)
+ err(1, "unveil");
+ if (unveil(_PATH_PWD_MKDB, "x") == -1)
+ err(1, "unveil");
if (pledge("stdio rpath wpath cpath getpw tty id proc exec", NULL) ==
-1)
err(1, "pledge");
