Hi,
usbhidctl(1) after hid_start(3) doesn't need to open any more files so we can
restrict all fs access with unveil(2).
comments? ok?
Index: usbhid.c
===================================================================
RCS file: /cvs/src/usr.bin/usbhidctl/usbhid.c,v
retrieving revision 1.17
diff -u -p -u -r1.17 usbhid.c
--- usbhid.c 31 May 2021 18:30:11 -0000 1.17
+++ usbhid.c 12 Dec 2021 01:27:27 -0000
@@ -941,6 +941,9 @@ main(int argc, char **argv)
if (hidfd == -1)
err(1, "%s", dev);
+ if (unveil("/", "") == -1)
+ err(1, "unveil /");
+
if (ioctl(hidfd, USB_GET_REPORT_ID, &reportid) == -1)
reportid = -1;
if (verbose > 1)
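Review bot: The added `unveil("/", "")` hides the filesystem but is never locked, so as far as this hunk shows a later `unveil()` call in the same process could still expose paths again. unveil(2) provides `unveil(NULL, NULL)` for this (or a pledge(2) that omits the "unveil" promise). I would follow the new check with `if (unveil(NULL, NULL) == -1)` and `err(1, "unveil");`. A short comment above it, such as `/* device is open and the report descriptor is loaded; no further fs access needed */`, would record why this placement is safe, because the hid_start(3) call the description relies on is not visible in these lines. main() starts and continues outside the hunk, so the ordering relative to hid_start(3) should be confirmed against the full file.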