authorbeck <>2021-07-12 15:09:21 +0000
committerbeck <>2021-07-12 15:09:21 +0000
commitdbd124eb250ac72aac05539d1367e15cf129f204 (patch)
tree61287a5a6562610dc26b24bad7d8d0ebf70eda8a
parentdbfa1ee3062f3845905acb0e6e40da4f3169f04d (diff)
Change the error reporting pattern throughout the tree when unveil
fails to report the path that the failure occurred on. Suggested by deraadt@ after some tech discussion. Work done and verified by Ashton Fagg <ashton@fagg.id.au> ok deraadt@ semarie@ claudio@
-rw-r--r--src/usr.bin/nc/netcat.c18
-rw-r--r--src/usr.sbin/ocspcheck/ocspcheck.c8
2 files changed, 13 insertions, 13 deletions
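diff --git a/src/usr.bin/nc/netcat.c b/src/usr.bin/nc/netcat.c
index 503095584a..811551f57d 100644
--- a/src/usr.bin/nc/netcat.c
+++ b/src/usr.bin/nc/netcat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: netcat.c,v 1.217 2020/02/12 14:46:36 schwarze Exp $ */
+/* $OpenBSD: netcat.c,v 1.218 2021/07/12 15:09:20 beck Exp $ */
 /*
  * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
  * Copyright (c) 2015 Bob Beck. All rights reserved.
@@ -364,13 +364,13 @@ main(int argc, char *argv[])
 
  if (usetls) {
  if (Cflag && unveil(Cflag, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", Cflag);
  if (unveil(Rflag, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", Rflag);
  if (Kflag && unveil(Kflag, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", Kflag);
  if (oflag && unveil(oflag, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", oflag);
  } else if (family == AF_UNIX && uflag && lflag && !kflag) {
  /*
  * After recvfrom(2) from client, the server connects
@@ -380,20 +380,20 @@ main(int argc, char *argv[])
  } else {
  if (family == AF_UNIX) {
  if (unveil(host, "rwc") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", host);
  if (uflag && !kflag) {
  if (sflag) {
  if (unveil(sflag, "rwc") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", sflag);
  } else {
  if (unveil("/tmp", "rwc") == -1)
- err(1, "unveil");
+ err(1, "unveil /tmp");
  }
  }
  } else {
  /* no filesystem visibility */
  if (unveil("/", "") == -1)
- err(1, "unveil");
+ err(1, "unveil /");
  }
  }
 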
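Review bot: The `unveil(Rflag, "r")` call in the usetls branch deserves a comment, because it is the only one of the four that runs unconditionally and so appears to be what guarantees the filesystem view is restricted at all when Cflag, Kflag and oflag are unset. Something like `/* unconditional: ensures at least one unveil(2) is in effect with TLS */` above it would stop a later cleanup from adding an `Rflag &&` guard for symmetry. The new `err(1, "unveil %s", Rflag)` also relies on Rflag being non-NULL, which is set outside this hunk and worth confirming. main() begins and ends outside the hunks shown.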
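diff --git a/src/usr.sbin/ocspcheck/ocspcheck.c b/src/usr.sbin/ocspcheck/ocspcheck.c
index 50f114f07c..46e7e66607 100644
--- a/src/usr.sbin/ocspcheck/ocspcheck.c
+++ b/src/usr.sbin/ocspcheck/ocspcheck.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocspcheck.c,v 1.29 2021/02/09 16:55:51 claudio Exp $ */
+/* $OpenBSD: ocspcheck.c,v 1.30 2021/07/12 15:09:21 beck Exp $ */
 
 /*
  * Copyright (c) 2017,2020 Bob Beck <beck@openbsd.org>
@@ -617,14 +617,14 @@ main(int argc, char **argv)
 
  if (cafile != NULL) {
  if (unveil(cafile, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", cafile);
  }
  if (cadir != NULL) {
  if (unveil(cadir, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", cadir);
  }
  if (unveil(certfile, "r") == -1)
- err(1, "unveil");
+ err(1, "unveil %s", certfile);
 
  if (pledge("stdio inet rpath dns", NULL) == -1)
  err(1, "pledge");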
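Review bot: Nothing in this block records that the ordering is load-bearing: the `pledge("stdio inet rpath dns", NULL)` after the three unveil calls omits the `unveil` promise, so every path the program will ever read has to be unveiled before that line. A comment above the pledge such as `/* no "unveil" promise: the unveil list above is final */` would make that explicit for anyone adding a new file option later. The unconditional `unveil(certfile, "r")` and its new `%s` message also assume certfile is non-NULL, which is presumably checked earlier in main() outside this hunk.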