On Sun, Apr 16, 2017 at 09:23:37AM -0600, Theo de Raadt wrote:
>
> I am quite averse to pledge inserting errnos rather than failure
> because it creates a "posix variant" rather than "enforcement",
> however I was wondering about doing a bit different here since the
> tape ioctl's are not really POSIX.
>
> Index: kern_pledge.c
> ===================================================================
> RCS file: /cvs/src/sys/kern/kern_pledge.c,v
> retrieving revision 1.203
> diff -u -p -u -r1.203 kern_pledge.c
> --- kern_pledge.c 13 Apr 2017 04:06:46 -0000 1.203
> +++ kern_pledge.c 15 Apr 2017 22:28:54 -0000
> @@ -1155,9 +1155,12 @@ pledge_ioctl(struct proc *p, long com, s
> case MTIOCTOP:
> /* for pax(1) and such, checking tapes... */
> if (fp->f_type == DTYPE_VNODE &&
> - vp->v_type == VCHR &&
> - (vp->v_flag & VISTTY) == 0)
> - return (0);
> + vp->v_type == VCHR) {
> + if (vp->v_flag & VISTTY)
> + return (ENOTTY);
> + else
> + return (0);
> + }
> break;
> }
> }
>
I'm fine with this. There is no clean way to check whether a file
descriptor represents a tape device from userland programs, so this
makes things easier. OK.
