From cec0268ffab8a2e9d9b5b2ad742310d629f2fe60 Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Mon, 20 Jan 2020 22:21:41 +0100
Subject: [PATCH] id: Use unveil()

And so "id" becomes our first user of unveil(), giving himself access to read /etc/passwd and /etc/group :^)
---
 Userland/id.cpp | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/Userland/id.cpp b/Userland/id.cpp
index e37ed60e58..6403bf3382 100644
--- a/Userland/id.cpp
+++ b/Userland/id.cpp
@@ -40,6 +40,21 @@ static bool flag_print_gid_all = false;
 
 int main(int argc, char** argv)
 {
+ if (unveil("/etc/passwd", "r") < 0) {
+ perror("unveil");
+ return 1;
+ }
+
+ if (unveil("/etc/group", "r") < 0) {
+ perror("unveil");
+ return 1;
+ }
+
+ if (unveil(nullptr, nullptr) < 0) {
+ perror("unveil");
+ return 1;
+ }
+
 if (pledge("stdio rpath", nullptr) < 0) {
 perror("pledge");
 return 1;
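Review bot: The `unveil(nullptr, nullptr)` call at the top of main() has no comment, although it is the line that turns the two preceding grants into a restriction. As far as I know it seals the unveil list so that nothing later in the process can widen it. I would add above it `// Lock the veil: only /etc/passwd and /etc/group stay readable, and no further unveil() call can add paths.` All three failure branches also print the same `perror("unveil")`, so a failure does not say which path was refused; `perror("unveil /etc/passwd")` and `perror("unveil /etc/group")` on the first two would make that diagnosable. main()'s body continues outside the hunk, so whether any later code needs another path cannot be checked from here.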