On 2021-12-12 01:52 UTC, Ricardo Mestre <[email protected]> wrote:
> Hi,
>
> usbhidctl(1) after hid_start(3) doesn't need to open any more files so we can
> restrict all fs access with unveil(2).
>
> comments? ok?
>
> Index: usbhid.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/usbhidctl/usbhid.c,v
> retrieving revision 1.17
> diff -u -p -u -r1.17 usbhid.c
> --- usbhid.c 31 May 2021 18:30:11 -0000 1.17
> +++ usbhid.c 12 Dec 2021 01:27:27 -0000
> @@ -941,6 +941,9 @@ main(int argc, char **argv)
> if (hidfd == -1)
> err(1, "%s", dev);
>
> + if (unveil("/", "") == -1)
> + err(1, "unveil /");
> +
You need this, too, no?
	if (unveil(NULL, NULL) == -1)
		err(1, "unveil");
> if (ioctl(hidfd, USB_GET_REPORT_ID, &reportid) == -1)
> reportid = -1;
> if (verbose > 1)
>
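Review bot: the added unveil("/", "") after the hidfd check is never locked, so further unveil(2) calls remain possible for the rest of main(). Follow it with a check of unveil(NULL, NULL) that calls err(1, "unveil") on failure, or with a pledge(2) that omits the "unveil" promise. The hunk's context also does not show hid_start(3), which the description says is the last point where files are opened, so confirm the new call sits after it.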
--
I'm not entirely sure you are real.