Download raw body.
rpcinfo(8): add pledge & unveil.
Not an rpcinfo(8) user, but I think I tested all code paths.
The rpc library needs read access to the rpc database in
/etc/rpc. Other than that rpcinfo(8) only uses AF_INET sockets.
With -b, rpcinfo(8) uses gethostbyaddr(3) to report hosts that responded
so add "dns" pledge as well.
I couldn't really test -b though, nothing answered, maybe that's normal
in this day and age?
Tests, OKs?
diff --git rpcinfo.c rpcinfo.c
index 91d99144c2c..489f45716fa 100644
--- rpcinfo.c
+++ rpcinfo.c
@@ -50,6 +50,7 @@
#include <errno.h>
#include <limits.h>
#include <arpa/inet.h>
+#include <err.h>
#define MAXHOSTLEN 256
@@ -94,6 +95,15 @@ main(int argc, char *argv[])
function = NONE;
portnum = 0;
errflg = 0;
+
+ if (unveil("/etc/rpc", "r") == -1)
+ err(1, "unveil /");
+ if (unveil(NULL, NULL) == -1)
+ err(1, "unveil");
+
+ if (pledge("stdio inet dns rpath", NULL) == -1)
+ err(1, "pledge");
+
while ((c = getopt(argc, argv, "ptubdsn:")) != -1) {
switch (c) {
--
In my defence, I have been left unsupervised.
rpcinfo(8): add pledge & unveil.