CVSROOT:        /cvs
Module name:    src
Changes by:     [email protected]  2018/09/28 00:48:59

Modified files:
        usr.sbin/tcpdump: privsep.c 

Log message:
add unveil(2) to tcpdump(8)

The following files are opened in the privsep proc, with read permissions, and
therefore need to be unveiled:

- /etc/pf.os - for OS fingerprinting, but only unveiled if -o flag is used
- /etc/ethers - ether_ntohost(3)
- /etc/rpc - getrpcbynumber(3)

Additional files are also opened, but they are either opened before reaching
this code path, or are covered by pledge(2)'s dns promise.

shown and tested by a few people
OK brynet@ deraadt@
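
The unveil(2) pattern this log message describes, as an added example that is not taken from the commit or from tcpdump's privsep.c: each listed file is unveiled read-only, /etc/pf.os only when -o is set, and a final unveil(NULL, NULL) locks the list. The names privsep_veil_list, apply_veils and record_unveil are hypothetical; record_unveil is a stand-in so the code also builds on systems without unveil(2).

```c
#include <stddef.h>
#include <unistd.h>

typedef int (*unveil_fn)(const char *path, const char *perms);
struct veil { const char *path, *perms; };

/* Added example, not tcpdump's code: fill out[] with the read-only
 * paths named in the log message; returns the number of entries. */
size_t privsep_veil_list(int oflag, struct veil *out, size_t cap)
{
	size_t n = 0;
	if (oflag && n < cap)	/* OS fingerprints, only when -o was given */
		out[n++] = (struct veil){ "/etc/pf.os", "r" };
	if (n < cap)		/* read by ether_ntohost(3) */
		out[n++] = (struct veil){ "/etc/ethers", "r" };
	if (n < cap)		/* read by getrpcbynumber(3) */
		out[n++] = (struct veil){ "/etc/rpc", "r" };
	return n;
}

/* Unveil each path, then lock; returns paths unveiled, or -1 on error. */
int apply_veils(unveil_fn uv, int oflag)
{
	struct veil v[3];
	size_t i, n = privsep_veil_list(oflag, v, 3);
	for (i = 0; i < n; i++)
		if (uv(v[i].path, v[i].perms) == -1)
			return -1;
	if (uv(NULL, NULL) == -1)	/* disable any further unveil calls */
		return -1;
	return (int)n;
}

/* Hypothetical recorder standing in for unveil(2) off OpenBSD. */
int rec_calls, rec_locked;
int record_unveil(const char *path, const char *perms)
{
	rec_calls++;
	rec_locked = (path == NULL && perms == NULL);
	return 0;
}

int main(void)
{
#ifdef __OpenBSD__
	unveil_fn uv = unveil;		/* the real system call wrapper */
#else
	unveil_fn uv = record_unveil;
#endif
	return apply_veils(uv, 1) == -1;
}
```

On OpenBSD, any open of a path outside the unveiled set fails once the list is locked, so a file missing from the list shows up as a lookup that silently stops working rather than as a crash.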
