incubator/dirl
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Fix unveil(2) usage

Browse source 
Thanks to the feedback by z0lqLA! I forgot that unveil(NULL, NULL)
only locks further unveil calls when there has been at least _one_ prior
call to unveil!

To fix this, we reorder the calls and also make sure to call unveil()
before we disallow unveils via pledge.

Signed-off-by: Laslo Hunhold <dev@frign.de>
This commit is contained in:
Laslo Hunhold 2020-03-20 20:35:34 +01:00
parent 3c7049e906
commit 5ee8c07e7e
No known key found for this signature in database
GPG key ID: 69576BD24CFCB980
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
main.c
View file

@ -387,10 +387,13 @@ main(int argc, char *argv[])
exit(0);
default:
/* limit ourselves even further while we are waiting */
eunveil(NULL, NULL);
if (udsname) {
eunveil(udsname, "c");
eunveil(NULL, NULL);
epledge("stdio cpath", NULL);
} else {
eunveil("/", "");
eunveil(NULL, NULL);
epledge("stdio", NULL);
}