Ashton Fagg <ash...@fagg.id.au> writes: > Ok splendid. I've regenerated these, this time including dhcpleased and > slaacd since Florian requested I do this in private mail. > > I went for err(1, "unveil %s", path) per Theo's suggestion - nice and > clear. This is now everything in sbin, bin and games. usr/{bin, sbin} > looks like a bigger job but I'll get to it this week probably.
Patches attached for all utilities in usr.bin. There's a couple of these that also fix some whitespace problems (trailing tabs for example). All that leaves now is usr.sbin, which I will get to tomorrow most likely.
diff --git a/usr.bin/audioctl/audioctl.c b/usr.bin/audioctl/audioctl.c index ec2c1927695..b547c618b16 100644 --- a/usr.bin/audioctl/audioctl.c +++ b/usr.bin/audioctl/audioctl.c @@ -285,7 +285,7 @@ main(int argc, char **argv) argv += optind; if (unveil(path, "w") == -1) - err(1, "unveil"); + err(1, "unveil %s", path); if (unveil(NULL, NULL) == -1) err(1, "unveil"); @@ -296,5 +296,5 @@ main(int argc, char **argv) audio_main(argc, argv); close(fd); - return 0; + return 0; }
diff --git a/usr.bin/biff/biff.c b/usr.bin/biff/biff.c index f8c102f5dfc..565b8ed9177 100644 --- a/usr.bin/biff/biff.c +++ b/usr.bin/biff/biff.c @@ -62,7 +62,7 @@ main(int argc, char *argv[]) err(2, "tty"); if (unveil(name, "rw") == -1) - err(2, "unveil"); + err(2, "unveil %s", name); if (pledge("stdio rpath fattr", NULL) == -1) err(2, "pledge");
diff --git a/usr.bin/chpass/chpass.c b/usr.bin/chpass/chpass.c index f20b7f18b9b..d92a1d4c1e2 100644 --- a/usr.bin/chpass/chpass.c +++ b/usr.bin/chpass/chpass.c @@ -137,11 +137,11 @@ main(int argc, char *argv[]) display(tempname, dfd, pw); if (unveil(_PATH_BSHELL, "x") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_BSHELL); if (unveil(_PATH_SHELLS, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_SHELLS); if (unveil(tempname, "rc") == -1) - err(1, "unveil"); + err(1, "unveil %s", tempname); if (pledge("stdio rpath wpath cpath id proc exec unveil", NULL) == -1) err(1, "pledge"); @@ -165,7 +165,7 @@ main(int argc, char *argv[]) if (op == NEWSH) { if (unveil(_PATH_SHELLS, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_SHELLS); if (pledge("stdio rpath wpath cpath id proc exec unveil", NULL) == -1) err(1, "pledge"); @@ -184,11 +184,11 @@ main(int argc, char *argv[]) sigprocmask(SIG_BLOCK, &fullset, NULL); if (unveil(_PATH_MASTERPASSWD_LOCK, "rwc") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_MASTERPASSWD_LOCK); if (unveil(_PATH_MASTERPASSWD, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_MASTERPASSWD); if (unveil(_PATH_PWD_MKDB, "x") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_PWD_MKDB); if (pledge("stdio rpath wpath cpath proc exec", NULL) == -1) err(1, "pledge");
diff --git a/usr.bin/ctfconv/ctfconv.c b/usr.bin/ctfconv/ctfconv.c index f47af91541d..b86e89d33e6 100644 --- a/usr.bin/ctfconv/ctfconv.c +++ b/usr.bin/ctfconv/ctfconv.c @@ -128,11 +128,11 @@ main(int argc, char *argv[]) filename = *argv; if (unveil(filename, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", filename); if (outfile != NULL) { if (unveil(outfile, "wc") == -1) - err(1, "unveil"); + err(1, "unveil %s", outfile); } if (pledge("stdio rpath wpath cpath", NULL) == -1)
diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c index be05be3a968..5940402e27e 100644 --- a/usr.bin/doas/doas.c +++ b/usr.bin/doas/doas.c @@ -416,9 +416,10 @@ main(int argc, char **argv) if (formerpath == NULL) formerpath = ""; - if (unveil(_PATH_LOGIN_CONF, "r") == -1 || - unveil(_PATH_LOGIN_CONF ".db", "r") == -1) - err(1, "unveil"); + if (unveil(_PATH_LOGIN_CONF, "r") == -1) + err(1, "unveil %s", _PATH_LOGIN_CONF); + if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1) + err(1, "unveil %s.db", _PATH_LOGIN_CONF); if (rule->cmd) { if (setenv("PATH", safepath, 1) == -1) err(1, "failed to set PATH '%s'", safepath);
diff --git a/usr.bin/encrypt/encrypt.c b/usr.bin/encrypt/encrypt.c index 01e96edd9f8..bbc41011783 100644 --- a/usr.bin/encrypt/encrypt.c +++ b/usr.bin/encrypt/encrypt.c @@ -95,9 +95,10 @@ main(int argc, char **argv) char *extra = NULL; /* Store login class or number of rounds */ const char *errstr; - if (unveil(_PATH_LOGIN_CONF, "r") == -1 || - unveil(_PATH_LOGIN_CONF ".db", "r") == -1) - err(1, "unveil"); + if (unveil(_PATH_LOGIN_CONF, "r") == -1) + err(1, "unveil %s", _PATH_LOGIN_CONF); + if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1) + err(1, "unveil %s.db", _PATH_LOGIN_CONF); if (pledge("stdio rpath tty", NULL) == -1) err(1, "pledge");
diff --git a/usr.bin/from/from.c b/usr.bin/from/from.c index 59b743e7247..50cc6cd74d4 100644 --- a/usr.bin/from/from.c +++ b/usr.bin/from/from.c @@ -80,7 +80,7 @@ main(int argc, char *argv[]) file = mail_spool(file, *argv); if (unveil(file, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", file); if (pledge("stdio rpath", NULL) == -1) err(1, "pledge");
diff --git a/usr.bin/getconf/getconf.c b/usr.bin/getconf/getconf.c index 3cf332f1181..95de075a8a1 100644 --- a/usr.bin/getconf/getconf.c +++ b/usr.bin/getconf/getconf.c @@ -514,7 +514,7 @@ main(int argc, char *argv[]) case PATHCONF: if (unveil(argv[1], "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", argv[1]); if (pledge("stdio rpath", NULL) == -1) err(1, "pledge"); errno = 0;
diff --git a/usr.bin/getent/getent.c b/usr.bin/getent/getent.c index 3555f3420f0..340676a8ecc 100644 --- a/usr.bin/getent/getent.c +++ b/usr.bin/getent/getent.c @@ -102,7 +102,7 @@ main(int argc, char *argv[]) if (strcmp(curdb->name, argv[1]) == 0) { if (curdb->unveil != NULL) { if (unveil(curdb->unveil, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", curdb->unveil); } if (pledge(curdb->pledge, NULL) == -1) err(1, "pledge");
diff --git a/usr.bin/htpasswd/htpasswd.c b/usr.bin/htpasswd/htpasswd.c index 85a7f5ccece..177c3c999a1 100644 --- a/usr.bin/htpasswd/htpasswd.c +++ b/usr.bin/htpasswd/htpasswd.c @@ -74,9 +74,9 @@ main(int argc, char** argv) if ((batch && argc == 1) || (!batch && argc == 2)) { if (unveil(argv[0], "rwc") == -1) - err(1, "unveil"); + err(1, "unveil %s", argv[0]); if (unveil("/tmp", "rwc") == -1) - err(1, "unveil"); + err(1, "unveil /tmp"); } if (pledge("stdio rpath wpath cpath flock tmppath tty", NULL) == -1) err(1, "pledge");
diff --git a/usr.bin/kdump/kdump.c b/usr.bin/kdump/kdump.c index fb71d3c7520..92848924fb1 100644 --- a/usr.bin/kdump/kdump.c +++ b/usr.bin/kdump/kdump.c @@ -223,9 +223,9 @@ main(int argc, char *argv[]) if (strcmp(tracefile, "-") != 0) if (unveil(tracefile, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", tracefile); if (unveil(_PATH_PROTOCOLS, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_PROTOCOLS); if (pledge("stdio rpath getpw", NULL) == -1) err(1, "pledge");
diff --git a/usr.bin/last/last.c b/usr.bin/last/last.c index 98688a7bbcf..26c59205adf 100644 --- a/usr.bin/last/last.c +++ b/usr.bin/last/last.c @@ -153,7 +153,7 @@ main(int argc, char *argv[]) exit(0); if (unveil(file, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", file); if (pledge("stdio rpath", NULL) == -1) err(1, "pledge");
diff --git a/usr.bin/look/look.c b/usr.bin/look/look.c index fa0b7353bc2..4341a058ac1 100644 --- a/usr.bin/look/look.c +++ b/usr.bin/look/look.c @@ -111,7 +111,7 @@ main(int argc, char *argv[]) } if (unveil(file, "r") == -1) - err(2, "unveil"); + err(2, "unveil %s", file); if (pledge("stdio rpath", NULL) == -1) err(2, "pledge");
diff --git a/usr.bin/mesg/mesg.c b/usr.bin/mesg/mesg.c index d682e9e9bcd..eea246de42d 100644 --- a/usr.bin/mesg/mesg.c +++ b/usr.bin/mesg/mesg.c @@ -65,7 +65,7 @@ main(int argc, char *argv[]) err(2, "ttyname"); if (unveil(tty, "rw") == -1) - err(2, "unveil"); + err(2, "unveil %s", tty); if (pledge("stdio rpath fattr", NULL) == -1) err(2, "pledge");
diff --git a/usr.bin/mixerctl/mixerctl.c b/usr.bin/mixerctl/mixerctl.c index e454d9d64bc..4b5cc79236d 100644 --- a/usr.bin/mixerctl/mixerctl.c +++ b/usr.bin/mixerctl/mixerctl.c @@ -285,7 +285,7 @@ main(int argc, char **argv) aflag = 1; if (unveil(file, "w") == -1) - err(1, "unveil"); + err(1, "unveil %s", file); if (unveil(NULL, NULL) == -1) err(1, "unveil");
diff --git a/usr.bin/nc/netcat.c b/usr.bin/nc/netcat.c index 503095584ad..f3c6433b793 100644 --- a/usr.bin/nc/netcat.c +++ b/usr.bin/nc/netcat.c @@ -364,13 +364,13 @@ main(int argc, char *argv[]) if (usetls) { if (Cflag && unveil(Cflag, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", Cflag); if (unveil(Rflag, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", Rflag); if (Kflag && unveil(Kflag, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", Kflag); if (oflag && unveil(oflag, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", oflag); } else if (family == AF_UNIX && uflag && lflag && !kflag) { /* * After recvfrom(2) from client, the server connects @@ -380,20 +380,20 @@ main(int argc, char *argv[]) } else { if (family == AF_UNIX) { if (unveil(host, "rwc") == -1) - err(1, "unveil"); + err(1, "unveil %s", host); if (uflag && !kflag) { if (sflag) { if (unveil(sflag, "rwc") == -1) - err(1, "unveil"); + err(1, "unveil %s", sflag); } else { if (unveil("/tmp", "rwc") == -1) - err(1, "unveil"); + err(1, "unveil /tmp"); } } } else { /* no filesystem visibility */ if (unveil("/", "") == -1) - err(1, "unveil"); + err(1, "unveil /"); } }
diff --git a/usr.bin/passwd/local_passwd.c b/usr.bin/passwd/local_passwd.c index 955eb9e3820..9d76a5d8dfb 100644 --- a/usr.bin/passwd/local_passwd.c +++ b/usr.bin/passwd/local_passwd.c @@ -73,19 +73,19 @@ local_passwd(char *uname, int authenticated) } if (unveil(_PATH_MASTERPASSWD_LOCK, "rwc") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_MASTERPASSWD_LOCK); if (unveil(_PATH_MASTERPASSWD, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_MASTERPASSWD); if (unveil(_PATH_LOGIN_CONF, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_LOGIN_CONF); if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1) - err(1, "unveil"); + err(1, "unveil %s.db", _PATH_LOGIN_CONF); if (unveil(_PATH_BSHELL, "x") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_BSHELL); if (unveil(_PATH_SHELLS, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_SHELLS); if (unveil(_PATH_PWD_MKDB, "x") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_PWD_MKDB); if (pledge("stdio rpath wpath cpath getpw tty id proc exec", NULL) == -1) err(1, "pledge");
diff --git a/usr.bin/sdiff/sdiff.c b/usr.bin/sdiff/sdiff.c index 90207e16950..8e15fc38dcd 100644 --- a/usr.bin/sdiff/sdiff.c +++ b/usr.bin/sdiff/sdiff.c @@ -255,7 +255,7 @@ main(int argc, char **argv) if (outfile && (outfp = fopen(outfile, "w")) == NULL) err(2, "could not open: %s", optarg); - if ((tmpdir = getenv("TMPDIR")) == NULL || *tmpdir == '\0') + if ((tmpdir = getenv("TMPDIR")) == NULL || *tmpdir == '\0') tmpdir = _PATH_TMP; filename1 = argv[0]; @@ -263,15 +263,15 @@ main(int argc, char **argv) if (!Fflag) { if (unveil(filename1, "r") == -1) - err(2, "unveil"); + err(2, "unveil %s", filename1); if (unveil(filename2, "r") == -1) - err(2, "unveil"); + err(2, "unveil %s", filename2); if (unveil(tmpdir, "rwc") == -1) - err(2, "unveil"); + err(2, "unveil %s", tmpdir); if (unveil("/usr/bin/diff", "x") == -1) - err(2, "unveil"); + err(2, "unveil /usr/bin/diff"); if (unveil(_PATH_BSHELL, "x") == -1) - err(2, "unveil"); + err(2, "unveil %s", _PATH_BSHELL); } if (pledge("stdio rpath wpath cpath proc exec", NULL) == -1) err(2, "pledge");
diff --git a/usr.bin/sndiod/sndiod.c b/usr.bin/sndiod/sndiod.c index 9a7daeb9e63..19d5ae28088 100644 --- a/usr.bin/sndiod/sndiod.c +++ b/usr.bin/sndiod/sndiod.c @@ -378,7 +378,7 @@ dounveil(char *name, char *prefix, char *path_prefix) errx(1, "%s: unsupported device or port format", name); snprintf(path, sizeof(path), "%s%s", path_prefix, name + prefix_len); if (unveil(path, "rw") == -1) - err(1, "unveil"); + err(1, "unveil %s", path); } static int
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c index 193fe832e16..ccc94cf76b1 100644 --- a/usr.bin/su/su.c +++ b/usr.bin/su/su.c @@ -161,17 +161,17 @@ main(int argc, char **argv) } if (unveil(_PATH_LOGIN_CONF, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_LOGIN_CONF); if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1) - err(1, "unveil"); + err(1, "unveil %s.db", _PATH_LOGIN_CONF); if (unveil(_PATH_AUTHPROGDIR, "x") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_AUTHPROGDIR); if (unveil(_PATH_SHELLS, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_SHELLS); if (unveil(_PATH_DEVDB, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_DEVDB); if (unveil(_PATH_NOLOGIN, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_NOLOGIN); for (;;) { char *pw_class = class; @@ -251,9 +251,9 @@ main(int argc, char **argv) } if (unveil(shell, "x") == -1) - err(1, "unveil"); + err(1, "unveil %s", shell); if (unveil(pwd->pw_dir, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", pwd->pw_dir); if ((p = strrchr(shell, '/'))) avshell = p+1; @@ -283,7 +283,7 @@ main(int argc, char **argv) auth_err(as, 1, "%s", pwd->pw_dir); } else { if (unveil("/", "r") == -1) - err(1, "unveil"); + err(1, "unveil /"); printf("No home directory %s!\n", pwd->pw_dir); printf("Logging in with home = \"/\".\n"); if (chdir("/") == -1)
diff --git a/usr.bin/systat/main.c b/usr.bin/systat/main.c index 31092ec3f9a..c7108cd1e63 100644 --- a/usr.bin/systat/main.c +++ b/usr.bin/systat/main.c @@ -586,7 +586,7 @@ main(int argc, char *argv[]) setup_term(maxlines); if (unveil("/", "r") == -1) - err(1, "unveil"); + err(1, "unveil /"); if (unveil(NULL, NULL) == -1) err(1, "unveil");
diff --git a/usr.bin/tcpbench/tcpbench.c b/usr.bin/tcpbench/tcpbench.c index c56752ce10e..670b345f0a6 100644 --- a/usr.bin/tcpbench/tcpbench.c +++ b/usr.bin/tcpbench/tcpbench.c @@ -1273,11 +1273,11 @@ main(int argc, char **argv) if (ptb->kvars) { if (unveil(_PATH_MEM, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_MEM); if (unveil(_PATH_KMEM, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_KMEM); if (unveil(_PATH_KSYMS, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_KSYMS); if ((ptb->kvmh = kvm_openfiles(NULL, NULL, NULL, O_RDONLY, kerr)) == NULL) @@ -1294,7 +1294,7 @@ main(int argc, char **argv) if (ptb->Uflag) if (unveil(host, "rwc") == -1) - err(1, "unveil"); + err(1, "unveil %s", host); if (pledge("stdio id dns inet unix", NULL) == -1) err(1, "pledge");
diff --git a/usr.bin/tty/tty.c b/usr.bin/tty/tty.c index 0409f441aca..bf27670c530 100644 --- a/usr.bin/tty/tty.c +++ b/usr.bin/tty/tty.c @@ -58,7 +58,7 @@ main(int argc, char *argv[]) } if (unveil(_PATH_DEVDB, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_DEVDB); if (pledge("stdio rpath", NULL) == -1) err(1, "pledge");
diff --git a/usr.bin/users/users.c b/usr.bin/users/users.c index 07d43771a3a..f3b9e1484c5 100644 --- a/usr.bin/users/users.c +++ b/usr.bin/users/users.c @@ -54,7 +54,7 @@ main(int argc, char *argv[]) int ch; if (unveil(_PATH_UTMP, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_UTMP); if (pledge("stdio rpath", NULL) == -1) err(1, "pledge");
diff --git a/usr.bin/vmstat/vmstat.c b/usr.bin/vmstat/vmstat.c index da88fe0e095..c9ff3022d96 100644 --- a/usr.bin/vmstat/vmstat.c +++ b/usr.bin/vmstat/vmstat.c @@ -213,7 +213,7 @@ main(int argc, char *argv[]) } if (unveil("/", "") == -1) - err(1, "unveil"); + err(1, "unveil /"); if (unveil(NULL, NULL) == -1) err(1, "unveil");
diff --git a/usr.bin/wall/wall.c b/usr.bin/wall/wall.c index 9626dc16287..6f4e3bcd012 100644 --- a/usr.bin/wall/wall.c +++ b/usr.bin/wall/wall.c @@ -116,11 +116,11 @@ main(int argc, char **argv) makemsg(*argv); if (unveil(_PATH_UTMP, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_UTMP); if (unveil(_PATH_DEV, "w") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_DEV); if (unveil(_PATH_DEVDB, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_DEVDB); if (pledge("stdio rpath wpath getpw proc", NULL) == -1) err(1, "pledge");
diff --git a/usr.bin/who/who.c b/usr.bin/who/who.c index a625d440582..9630a8048fd 100644 --- a/usr.bin/who/who.c +++ b/usr.bin/who/who.c @@ -113,7 +113,7 @@ main(int argc, char *argv[]) if (show_quick) { only_current_term = show_term = show_idle = show_labels = 0; } - + if (show_term) hostwidth -= 2; if (show_idle) @@ -123,10 +123,10 @@ main(int argc, char *argv[]) output_labels(); if (unveil(_PATH_UTMP, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_UTMP); if (show_term || show_idle) { if (unveil(_PATH_DEV, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", _PATH_DEV); } switch (argc) { case 0: /* who */ @@ -138,7 +138,7 @@ main(int argc, char *argv[]) who_am_i(ufp); } else if (show_quick) { int count = 0; - + while (fread((char *)&usr, sizeof(usr), 1, ufp) == 1) { if (*usr.ut_name && *usr.ut_line) { (void)printf("%-*.*s ", NAME_WIDTH, @@ -159,7 +159,7 @@ main(int argc, char *argv[]) break; case 1: /* who utmp_file */ if (unveil(*argv, "r") == -1) - err(1, "unveil"); + err(1, "unveil %s", *argv); if (pledge("stdio rpath getpw", NULL) == -1) err(1, "pledge"); ufp = file(*argv);