From b4893693891f9ded8a36ec9c8e217b13376ed560 Mon Sep 17 00:00:00 2001
From: Philipp Bartsch
Date: Sat, 12 Oct 2024 01:39:12 +0200
Subject: [PATCH] Make sure unveil(2) is properly locked

This change ensures that unveil always gets locked (by passing two NULL arguments) and at least one path ("/" with no permissions) got added to unveil before that. When no existing paths were registered with unveil(2), the filesystem access is not restricted by it. Locking it in that state only prevents us from configuring it further.
---
 endlessh.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/endlessh.c b/endlessh.c
index e448d59..909e58e 100644
--- a/endlessh.c
+++ b/endlessh.c
@@ -633,6 +633,8 @@ main(int argc, char **argv)
 const char *config_file = DEFAULT_CONFIG_FILE;
 
 #if defined(__OpenBSD__)
+ if (unveil("/", "") == -1)
+ die();
 unveil(config_file, "r"); /* return ignored as the file may not exist */
 if (pledge("inet stdio rpath unveil", 0) == -1)
 die();
@@ -693,6 +695,11 @@ main(int argc, char **argv)
 }
 }
 
+#if defined(__OpenBSD__)
+ if (unveil(0, 0) == -1)
+ die();
+#endif
+
 if (argv[optind]) {
 fprintf(stderr, "endlessh: too many arguments\n");
 exit(EXIT_FAILURE);
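Review bot: The added `unveil("/", "")` at the top of the OpenBSD block carries no comment explaining why a path with empty permissions is registered, and the reason currently lives only in the commit message. I would put `/* hide the whole filesystem by default; without a registered path the later lock restricts nothing */` above it. The existing comment on the following `unveil(config_file, "r")` line could also note that an ignored failure there now leaves the config file unreadable rather than the filesystem open, which is the fail-closed outcome. main's body begins and continues outside this hunk.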
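Review bot: The lock added after the option loop now runs with "/" already registered with no permissions, so any file the process still has to open must have been unveiled before this point. The option loop is outside the hunk, so it is worth confirming that an alternative config file selected during option parsing is passed to `unveil` before it is read, otherwise loading it would presumably start failing where it worked before this change. As a smaller style point, `if (unveil(NULL, NULL) == -1)` matches the commit message and makes it obvious that both arguments are pointers.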