CVSROOT: /cvs
Module name: src
Changes by: k...@cvs.openbsd.org 2022/08/25 11:09:54
Modified files:
lib/libutil : opendev.3 opendev.c
Log message:
Only return file descriptors to block or character devices
If the requested path contained a slash, opendev(3) blindly opened the file
and returned a file descriptor to it.
Check for block or character devices (according to OPENDEV_BLCK) and fail
for other types.
Spotted through installboot(8) which happily opened a stage file as device
when forgetting the device argument:
# installboot -v ./biosboot
Using / as root
installing bootstrap on ./biosboot
using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot
installboot: disklabel: ./biosboot: Inappropriate ioctl for device
This makes it fail earlier, as expected:
# installboot -v ./biosboot
installboot: open: ./biosboot: Block device required
The case where opendev(3) is passed a string not containing a slash, i.e.
a supposed DUID, is fine, as diskmap(4) will ensure that only valid device
paths are returned, if the DUID is valid.
Feedback OK millert
