Re: unveil: incomplete unveil_flagmatch semantic

2018-08-05 Thread Sebastien Marie
On Sat, Aug 04, 2018 at 01:16:44PM -0600, Bob Beck wrote: > > > if ((error = namei()) != 0) > > > return (error); > > > fvp = fromnd.ni_vp; > > > @@ -2945,6 +2973,7 @@ sys_revoke(struct proc *p, void *v, regi > > > > > > NDINIT(, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path),

Re: unveil: incomplete unveil_flagmatch semantic

2018-08-04 Thread Bob Beck
> Some examples that will need consideration for unveil(2):
> - mount(2)
> - unmount(2)
> - quotactl(2)
> - chroot(2)
> - getfh(2)
> - acct(2)
> - coredump()
> - loadfirmware() - I think ifconfig(1) could make the kernel loading a
> firmware for some network card
>
> so having ni_unveil

Re: unveil: incomplete unveil_flagmatch semantic

2018-08-04 Thread Bob Beck
> On Sat, Aug 04, 2018 at 10:40:11AM -0600, Bob Beck wrote:
> > On Fri, Aug 03, 2018 at 06:31:00AM +0200, Sebastien Marie wrote:
> > > On Thu, Aug 02, 2018 at 03:42:03PM +0200, Sebastien Marie wrote:
> > > > On Mon, Jul 30, 2018 at 07:55:35AM -0600, Bob Beck wrote:
> > > > > yeah the latter

Re: unveil: incomplete unveil_flagmatch semantic

2018-08-04 Thread Bob Beck
> > + nd.ni_unveil = 0; /* XXX No flags == allow it */ > > see my comment about ni_unveil != 0. > > as you still have check on (ni_pledge & PLEDGE_STAT), it should be still > ok. > It doesn't actually do this yet.. this comment was a reminder for me and should have had allow it? for my

Re: unveil: incomplete unveil_flagmatch semantic

2018-08-04 Thread Sebastien Marie
On Sat, Aug 04, 2018 at 10:40:11AM -0600, Bob Beck wrote:
> On Fri, Aug 03, 2018 at 06:31:00AM +0200, Sebastien Marie wrote:
> > On Thu, Aug 02, 2018 at 03:42:03PM +0200, Sebastien Marie wrote:
> > > On Mon, Jul 30, 2018 at 07:55:35AM -0600, Bob Beck wrote:
> > > > yeah the latter will be the way

Re: unveil: incomplete unveil_flagmatch semantic

2018-08-04 Thread Bob Beck
On Fri, Aug 03, 2018 at 06:31:00AM +0200, Sebastien Marie wrote:
> On Thu, Aug 02, 2018 at 03:42:03PM +0200, Sebastien Marie wrote:
> > On Mon, Jul 30, 2018 at 07:55:35AM -0600, Bob Beck wrote:
> > > yeah the latter will be the way to go
> > >
> >
> > new diff with direct lookup using an

Re: unveil: incomplete unveil_flagmatch semantic

2018-08-02 Thread Sebastien Marie
On Mon, Jul 30, 2018 at 07:55:35AM -0600, Bob Beck wrote:
> yeah the latter will be the way to go
>

new diff with direct lookup using an indirection table.

first reorders PLEDGE flags to have:
- PLEDGE promises that could occur in ni_pledge and are used for unveil(2)
- PLEDGE promises

Re: unveil: incomplete unveil_flagmatch semantic

2018-07-31 Thread Sebastien Marie
On Mon, Jul 30, 2018 at 12:00:59PM -0600, Theo de Raadt wrote: > + for (i=0; flags[i].pledge != 0; i++) > + if (ISSET(pledge_flags, flags[i].pledge)) { > + SET(permissions, flags[i].unveil); > + CLR(pledge_flags, flags[i].pledge); > +

Re: unveil: incomplete unveil_flagmatch semantic

2018-07-30 Thread Theo de Raadt
+ for (i=0; flags[i].pledge != 0; i++) + if (ISSET(pledge_flags, flags[i].pledge)) { + SET(permissions, flags[i].unveil); + CLR(pledge_flags, flags[i].pledge); + } Rather than iterating, can this be done as a direct
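Review bot: the `for` loop has no bound on `i` other than reaching an entry with `flags[i].pledge == 0`, so it depends on the table always ending in a zero sentinel; state that requirement in a comment at the table definition, or bound the loop with nitems(flags). Each matched bit is also cleared from `pledge_flags`, but the visible lines do not show what is done with bits still set after the loop; if a leftover bit means a promise with no unveil mapping, that check should be explicit. Style: `i=0` should be `i = 0`.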

Re: unveil: incomplete unveil_flagmatch semantic

2018-07-30 Thread Sebastien Marie
On Mon, Jul 30, 2018 at 07:55:35AM -0600, Bob Beck wrote:
> yeah the latter will be the way to go
>

here it is.

Some notes:

- I changed flags definition from uint64_t to int
- I defined `static inline' the function that does the conversion from pledge to unveil: having a function is more

Re: unveil: incomplete unveil_flagmatch semantic

2018-07-30 Thread Bob Beck
yeah the latter will be the way to go

On Mon, Jul 30, 2018 at 06:02 Sebastien Marie wrote:
> Hi,
>
> I think unveil_flagmatch() isn't complete and/or has not the right
> semantic.
>
> A bit of internals for starting (I will speak about ni_pledge, people
> that know what it is and how it works

unveil: incomplete unveil_flagmatch semantic

2018-07-30 Thread Sebastien Marie
Hi,

I think unveil_flagmatch() isn't complete and/or has not the right semantic.

A bit of internals for starting (I will speak about ni_pledge, people that know what it is and how it works with pledge/unveil could go to "what is the problem" part).

unveil(2) works with the syscall annotation