On Sun, Aug 05, 2018 at 08:23:57AM -0600, Bob Beck wrote:
> CVSROOT: /cvs
> Module name: src
> Changes by: [email protected] 2018/08/05 08:23:57
>
> Modified files:
> sys/dev : diskmap.c
> sys/kern : exec_elf.c kern_exec.c kern_ktrace.c
> kern_unveil.c tty.c tty_pty.c vfs_syscalls.c
> sys/sys : namei.h proc.h
>
> Log message:
> Decouple unveil from the pledge flags, by adding dedicated unveil flags
> to the namei args. This fixes a bug where chmod would be allowed when
> with only READ. This also allows some further cleanup of some awkward
> things like PLEDGE_STAT that will follow
> Lots of assistence from semarie@ - thanks!
> ok semarie@
>
> Index: sys/kern/kern_unveil.c
> ===================================================================
> RCS file: /cvs/src/sys/kern/kern_unveil.c,v
> retrieving revision 1.10
> retrieving revision 1.11
> diff -u -p -r1.10 -r1.11
> --- sys/kern/kern_unveil.c 5 Aug 2018 13:59:38 -0000 1.10
> +++ sys/kern/kern_unveil.c 5 Aug 2018 14:23:57 -0000 1.11
> @@ -40,6 +40,11 @@
> #define UNVEIL_MAX_VNODES 128
> #define UNVEIL_MAX_NAMES 128
>
> +#define UNVEIL_READ 0x01
> +#define UNVEIL_WRITE 0x02
> +#define UNVEIL_CREATE 0x04
> +#define UNVEIL_EXEC 0x08
> +
the flags were defined both in kern/kernl_unveil.c and sys/namei.h
> static inline int
> unvname_compare(const struct unvname *n1, const struct unvname *n2)
> {
> Index: sys/sys/namei.h
> ===================================================================
> RCS file: /cvs/src/sys/sys/namei.h,v
> retrieving revision 1.35
> retrieving revision 1.36
> diff -u -p -r1.35 -r1.36
> --- sys/sys/namei.h 13 Jul 2018 09:25:23 -0000 1.35
> +++ sys/sys/namei.h 5 Aug 2018 14:23:57 -0000 1.36
> @@ -250,4 +251,11 @@ struct nchstats {
> { "ncs_dothits", CTLTYPE_QUAD }, \
> { "nch_dotdothits", CTLTYPE_QUAD }, \
> }
> +
> +/* Unveil flags for namei */
> +#define UNVEIL_READ 0x01
> +#define UNVEIL_WRITE 0x02
> +#define UNVEIL_CREATE 0x04
> +#define UNVEIL_EXEC 0x08
> +
> #endif /* !_SYS_NAMEI_H_ */
--
Sebastien Marie
