CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2026/05/14 18:39:22
Modified files:
sys/sys : namei.h
sys/kern : kern_pledge.c vfs_lookup.c
lib/libc/sys : open.2
Log message:
Make __pledge_open(2) of /etc/localtime and /usr/share/zoneinfo much
more strict. If /etc/localtime is a symbolic link, allow one translation
which must land cleanly in /usr/share/zoneinfo (.. is checked for) otherwise
error with EACCES. In /usr/share/zoneinfo, do not allow symbolic links and
error with ELOOP.
Alfredo Ortega observed the non-strict handling, but agrees no specific
exploitability exists. Changing this took almost a month with many
discarded prototypes.
ok beck dgl
