CVSROOT: /cvs
Module name: src
Changes by: sema...@cvs.openbsd.org 2015/10/28 07:59:07

Modified files:
    sys/kern : kern_pledge.c

Log message:
refactor pledge_namei() a bit

- remove all explicit checks that ensure p_pledgenote has a counterpart in ps_pledge by one unique check. It makes management of explicit whitelisted operations on some paths more simple to manage. And now, we can use p_pledgenote for finer checking in namei usage.

- add special case for unset p_pledgenote: the behaviour is the same as previously (we allow the operation with "rpath", "wpath" or "cpath" request) but it should be changed soon to be more strict.

"go ahead" deraadt@