On Sat, Aug 04, 2018 at 01:16:44PM -0600, Bob Beck wrote: > > > if ((error = namei(&fromnd)) != 0) > > > return (error); > > > fvp = fromnd.ni_vp; > > > @@ -2945,6 +2973,7 @@ sys_revoke(struct proc *p, void *v, regi > > > > > > NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p); > > > nd.ni_pledge = PLEDGE_RPATH | PLEDGE_TTY; > > > + nd.ni_unveil = UNVEIL_READ; > > > > I would put UNVEIL_READ|UNVEIL_WRITE : the invalidation is a kind of > > modification. > > > > Yeah, I was on the fence on that one when I did it. You are reading > the tty device from the filesystem, but the thing you are invalidating > is actually an operation on the tty, not anything to do with the > filesystem itself - but this could go either way......
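Review bot: the added `nd.ni_unveil = UNVEIL_READ;` in the sys_revoke() hunk is consistent with the existing `nd.ni_pledge = PLEDGE_RPATH | PLEDGE_TTY;` on the line above it (a read-only path lookup), but since the thread itself debates READ versus READ|WRITE, a short comment next to the assignment stating why read is sufficient (revoke checks ownership or superuser on the vnode rather than performing a filesystem write) would save the next reader from reopening the question.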
Reading sys_revoke() carefully, I saw you don't need write access at all on the device. You just need to own it (or be superuser). Having only UNVEIL_READ makes sense too. I am fine with it.

> Theo? I want your opinion here :)

-- 
Sebastien Marie