Hi,
sensorsd(8) reports an unveil failure due to chdir / . An additional
"r" permission would be necessary.
- chdir before unveil, do not unveil /
- use absolute config path after chdir, also necessary for SIGHUP
- /etc/sensorsd.conf.db must be unveiled, cgetent(3) tries to open it
ok?
bluhm
Index: usr.sbin/sensorsd/sensorsd.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/sensorsd/sensorsd.c,v
retrieving revision 1.66
diff -u -p -r1.66 sensorsd.c
--- usr.sbin/sensorsd/sensorsd.c 28 Jun 2019 13:32:50 -0000 1.66
+++ usr.sbin/sensorsd/sensorsd.c 2 Jul 2020 18:14:53 -0000
@@ -94,7 +94,7 @@ void reparse_cfg(int);
TAILQ_HEAD(sdlimhead_t, sdlim_t);
struct sdlimhead_t sdlims = TAILQ_HEAD_INITIALIZER(sdlims);
-char *configfile;
+char *configfile, *configdb;
volatile sig_atomic_t reload = 0;
int debug = 0;
@@ -125,10 +125,9 @@ main(int argc, char *argv[])
debug = 1;
break;
case 'f':
- configfile = optarg;
- if (access(configfile, R_OK) != 0)
- err(1, "access configuration file %s",
- configfile);
+ configfile = realpath(optarg, NULL);
+ if (configfile == NULL)
+ err(1, "configuration file %s", optarg);
break;
default:
usage();
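Review bot: The `-f` case canonicalises the path without a comment saying why, and the reason is not visible from this hunk alone: the process later changes directory to `/` before unveil and re-reads the file on SIGHUP, so a relative `optarg` would stop resolving. I would add `/* absolute path: cwd becomes / before unveil, and SIGHUP reparses by name */` above the realpath() call. Note also that realpath() only proves the path resolves, whereas the removed access(R_OK) proved it was readable, so a permission problem is now presumably reported by the later parse rather than at option parsing. The switch and main() start outside the hunk.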
@@ -143,10 +142,13 @@ main(int argc, char *argv[])
if (configfile == NULL)
if (asprintf(&configfile, "/etc/sensorsd.conf") == -1)
err(1, "out of memory");
+ if (asprintf(&configdb, "%s.db", configfile) == -1)
+ err(1, "out of memory");
+ chdir("/");
if (unveil(configfile, "r") == -1)
err(1, "unveil");
- if (unveil("/", "x") == -1)
+ if (unveil(configdb, "r") == -1)
err(1, "unveil");
if (pledge("stdio rpath proc exec", NULL) == -1)
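Review bot: Dropping `unveil("/", "x")` leaves no executable path unveiled while the pledge on the last line of the hunk still requests `proc exec`, so any later exec from this process would presumably fail with ENOENT. Since `chdir("/")` now runs before the first unveil and a later hunk switches daemon() to nochdir, the original chdir failure no longer seems to require removing it. Consider keeping `if (unveil("/", "x") == -1) err(1, "unveil");` after the configdb unveil, or unveiling only the binary the daemon actually executes, which is not visible here. Separately, the result of `chdir("/")` is ignored; `if (chdir("/") == -1) err(1, "chdir");` would make a failure visible before the unveil set is built. main()'s body continues outside the hunk.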
@@ -158,7 +160,7 @@ main(int argc, char *argv[])
parse_config(configfile);
- if (debug == 0 && daemon(0, 0) == -1)
+ if (debug == 0 && daemon(1, 0) == -1)
err(1, "unable to fork");
signal(SIGHUP, reparse_cfg);
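Review bot: `daemon(1, 0)` passes nochdir without a comment, and its correctness depends on the `chdir("/")` done before unveil in the previous hunk. A short comment such as `/* nochdir: already in /; a chdir after unveil would fail */` above the call would stop someone from reverting it to `daemon(0, 0)`. main()'s body continues outside the hunk.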