yep, ok mestre@
On 20:50 Tue 14 Dec , Theo de Raadt wrote:
> I agree.
>
> Jonathan Matthew <[email protected]> wrote:
>
> > ldapd currently can't reopen its database files, because it always passes
> > O_CREAT to open() when reopening (see ldapd_open_request()), which means it
> > needs the unveil 'c' flag. This may have been missed when ldapd was
> > unveiled
> > because 'ldapctl compact' was broken (see other diff).
> >
> > ok?
> >
> >
> > Index: ldapd.c
> > ===================================================================
> > RCS file: /cvs/src/usr.sbin/ldapd/ldapd.c,v
> > retrieving revision 1.29
> > diff -u -p -r1.29 ldapd.c
> > --- ldapd.c 14 Jul 2021 13:33:57 -0000 1.29
> > +++ ldapd.c 15 Dec 2021 03:42:04 -0000
> > @@ -243,7 +243,7 @@ main(int argc, char *argv[])
> > err(1, "unveil %s.db", _PATH_LOGIN_CONF);
> > if (unveil(_PATH_AUTHPROGDIR, "x") == -1)
> > err(1, "unveil %s", _PATH_AUTHPROGDIR);
> > - if (unveil(datadir, "rw") == -1)
> > + if (unveil(datadir, "rwc") == -1)
> > err(1, "unveil %s", datadir);
> > if (unveil(NULL, NULL) == -1)
> > err(1, "unveil");
> >
>
