diff options
| author | deraadt <> | 2018-08-10 17:15:22 +0000 |
|---|---|---|
| committer | deraadt <> | 2018-08-10 17:15:22 +0000 |
| commit | f4bcf7a13069cc8dbd4b203884cd22f2f9c8efa1 (patch) | |
| tree | 449d5e2bf3357979933c11d11614e45a4f14bc8c /src/usr.bin/nc/netcat.c | |
| parent | e6625680fe64e577e004e285005ccd4500eb7437 (diff) | |
| download | openbsd-f4bcf7a13069cc8dbd4b203884cd22f2f9c8efa1.tar.gz openbsd-f4bcf7a13069cc8dbd4b203884cd22f2f9c8efa1.tar.bz2 openbsd-f4bcf7a13069cc8dbd4b203884cd22f2f9c8efa1.zip | |
In typical swiss-army style, various modes and options cause
different unveils. Joint work with beck and florian.
Let us know if you hit any corner cases.
Diffstat (limited to 'src/usr.bin/nc/netcat.c')
| -rw-r--r-- | src/usr.bin/nc/netcat.c | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/src/usr.bin/nc/netcat.c b/src/usr.bin/nc/netcat.c index e03199e528..8e7f7e1718 100644 --- a/src/usr.bin/nc/netcat.c +++ b/src/usr.bin/nc/netcat.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: netcat.c,v 1.191 2018/04/27 15:17:53 beck Exp $ */ | 1 | /* $OpenBSD: netcat.c,v 1.192 2018/08/10 17:15:22 deraadt Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2001 Eric Jackson <ericj@monkey.org> | 3 | * Copyright (c) 2001 Eric Jackson <ericj@monkey.org> |
| 4 | * Copyright (c) 2015 Bob Beck. All rights reserved. | 4 | * Copyright (c) 2015 Bob Beck. All rights reserved. |
| @@ -364,6 +364,29 @@ main(int argc, char *argv[]) | |||
| 364 | } else | 364 | } else |
| 365 | usage(1); | 365 | usage(1); |
| 366 | 366 | ||
| 367 | if (usetls) { | ||
| 368 | if (Cflag && unveil(Cflag, "r") == -1) | ||
| 369 | err(1, "unveil"); | ||
| 370 | if (unveil(Rflag, "r") == -1) | ||
| 371 | err(1, "unveil"); | ||
| 372 | if (Kflag && unveil(Kflag, "r") == -1) | ||
| 373 | err(1, "unveil"); | ||
| 374 | if (oflag && unveil(oflag, "r") == -1) | ||
| 375 | err(1, "unveil"); | ||
| 376 | } else { | ||
| 377 | if (family == AF_UNIX) { | ||
| 378 | if (unveil(host, "rwc") == -1) | ||
| 379 | err(1, "unveil"); | ||
| 380 | if (uflag && !lflag) { | ||
| 381 | if (unveil(sflag ? sflag : "/tmp", "rwc") == -1) | ||
| 382 | err(1, "unveil"); | ||
| 383 | } | ||
| 384 | } else { | ||
| 385 | if (unveil("/", "") == -1) | ||
| 386 | err(1, "unveil"); | ||
| 387 | } | ||
| 388 | } | ||
| 389 | |||
| 367 | if (family == AF_UNIX) { | 390 | if (family == AF_UNIX) { |
| 368 | if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1) | 391 | if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1) |
| 369 | err(1, "pledge"); | 392 | err(1, "pledge"); |