On Wed, Sep 12, 2018 at 10:56:19AM +0100, Ricardo Mestre wrote:
> Hi,
>
> When unveil(2) was introduced one break from SYS_stat case was removed on
> kern_pledge.c, this adds it back. Noticed by Coverity 1471854.
>
> OK?
the removal was introduced by 1.236 on Jul 13, 2018
-
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/kern/kern_pledge.c.diff?r1=1.235&r2=1.236
-
https://github.com/openbsd/src/commit/8b23add8c74b86d0da67de43302cf21b97b028be#diff-7fcc25d727d0f17575db87c6fdc61fafL603
I agree it should be restored : it allows some intented access(2) on
specific system files which where only intented for open(2). it
shouldn't be a big problem, but there is also some checks for activation
yp stuff in this section.
Thanks.
--
Sebastien Marie
> Index: kern_pledge.c
> ===
> RCS file: /cvs/src/sys/kern/kern_pledge.c,v
> retrieving revision 1.242
> diff -u -p -u -r1.242 kern_pledge.c
> --- kern_pledge.c 20 Aug 2018 10:00:04 - 1.242
> +++ kern_pledge.c 12 Sep 2018 09:46:16 -
> @@ -623,6 +623,7 @@ pledge_namei(struct proc *p, struct name
> } else
> return (pledge_fail(p, error, PLEDGE_GETPW));
> }
> + break;
> case SYS_open:
> /* daemon(3) or other such functions */
> if ((ni->ni_pledge & ~(PLEDGE_RPATH | PLEDGE_WPATH)) == 0 &&
>