Hello,
semarie@ already gave positive feedback for unveiling xserver; has
anyone tested it yet, and can anyone comment on it or OK it?
Index: privsep.c
===================================================================
RCS file: /cvs/xenocara/xserver/os/privsep.c,v
retrieving revision 1.29
diff -u -p -u -r1.29 privsep.c
--- privsep.c 6 Aug 2018 20:11:34 -0000 1.29
+++ privsep.c 24 Oct 2018 09:35:01 -0000
@@ -274,6 +274,10 @@ priv_init(uid_t uid, gid_t gid)
setproctitle("[priv]");
close(socks[1]);
+ for (dev = allowed_devices; dev->name != NULL; dev++) {
+ if (unveil(dev->name, "rw") == -1)
+ err(1, "unveil");
+ }
if (pledge("stdio rpath wpath sendfd proc", NULL) == -1)
err(1, "pledge");
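Review bot: The `err(1, "unveil")` in the added loop does not say which path was rejected, so a failure in the privileged child cannot be matched to an entry of `allowed_devices`; `err(1, "unveil %s", dev->name);` would make it diagnosable. Every entry is unveiled with "rw" regardless of how it is later opened. If the table (not visible here) carries per-device open flags, it is worth checking whether read-only entries could get "r" instead. The loop never calls `unveil(NULL, NULL)` and appears to rely on the following `pledge()` call, which has no "unveil" promise, to stop further unveil calls. A comment such as `/* pledge() below drops the unveil promise, which locks the unveil list */` would keep that dependency visible if the promise string is edited later. The declaration of `dev` and the rest of `priv_init` lie outside the hunk.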