This diff adds unveil to the main process. This is done after all files
from the command line have been read. Both for regular and -f mode.
Once the args have been read the process can limit the access to the
cachedir and the output dir. In -f mode only read access to the cachedir is
required. In regular mode both cachedir and outputdir need rwc rights.
--
:wq Claudio
Index: main.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v
retrieving revision 1.208
diff -u -p -r1.208 main.c
--- main.c 27 Jun 2022 10:18:27 -0000 1.208
+++ main.c 28 Jul 2022 16:57:16 -0000
@@ -1006,8 +1006,7 @@ main(int argc, char *argv[])
signal(SIGALRM, suicide);
}
- /* TODO unveil cachedir and outputdir, no other access allowed */
- if (pledge("stdio rpath wpath cpath fattr sendfd", NULL) == -1)
+ if (pledge("stdio rpath wpath cpath fattr sendfd unveil", NULL) == -1)
err(1, "pledge");
msgbuf_init(&procq);
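Review bot: The `unveil` promise added to the pledge string on the `+` line is never dropped again; nothing in this diff re-pledges after the filesystem view is locked with `unveil(NULL, NULL)` in the second hunk. Because that lock already refuses further unveil calls the lingering promise is inert, but the conventional pattern is to follow the lock with a second `pledge("stdio rpath wpath cpath fattr sendfd", NULL)` so the promise set documents what the process can still do rather than what it once needed. If such a re-pledge exists later in main, outside these hunks, a one-line comment on the `+` line pointing to it (`/* "unveil" is dropped again after unveil(NULL, NULL) */`) would save the next reader the search. main continues outside the hunk.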
@@ -1049,6 +1048,18 @@ main(int argc, char *argv[])
while (*argv != NULL)
queue_add_file(*argv++, RTYPE_FILE, 0);
}
+
+ /* from here on only cachedir and outputdir are accessed */
+ if (!filemode) {
+ if (unveil(outputdir, "rwc") == -1)
+ err(1, "unveil outputdir");
+ if (unveil(cachedir, "rwc") == -1)
+ err(1, "unveil cachedir");
+ } else
+ if (unveil(cachedir, "r") == -1)
+ err(1, "unveil cachedir");
+ if (unveil(NULL, NULL) == -1)
+ err(1, "unveil");
/* change working directory to the cache directory */
if (fchdir(cachefd) == -1)