OpenBSD / src / IozRsr3 / Restrict filesystem access to read only _PATH_DEVDB and /dev through unveil(2),

OpenBSD/src IozRsr3 — sbin/sysctl sysctl.c

2019-06-16 09:30:15 UTC by mestre on ⎇

HEAD

   Restrict filesystem access to read only _PATH_DEVDB and /dev through unveil(2),
   discussed by many.
   Additionally call ctime(3) before unveil(2) in order to avoid potential $TZ
   expansion and therefore avoiding opening more files that would need to be read,
   idea from deraadt@.
   While here sort the headers alphabetically.

   OK florian@ deraadt@

Version	Delta		File
1.243	+15	-4	sbin/sysctl/sysctl.c
	+15	-4	1 files

Unified Split Raw