On Wed, Sep 12, 2018 at 10:56:19AM +0100, Ricardo Mestre wrote:
> Hi,
>
> When unveil(2) was introduced one break from SYS_stat case was removed on
> kern_pledge.c, this adds it back. Noticed by Coverity 1471854.
>
> OK?

the removal was introduced by 1.236 on Jul 13, 2018
- https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/kern/kern_pledge.c.diff?r1=1.235&r2=1.236
- https://github.com/openbsd/src/commit/8b23add8c74b86d0da67de43302cf21b97b028be#diff-7fcc25d727d0f17575db87c6fdc61fafL603

I agree it should be restored: it allows some intended access(2) on specific system files which were only intended for open(2).

it shouldn't be a big problem, but there are also some checks for activation yp stuff in this section.

Thanks.
-- 
Sebastien Marie

> Index: kern_pledge.c > =================================================================== > RCS file: /cvs/src/sys/kern/kern_pledge.c,v > retrieving revision 1.242 > diff -u -p -u -r1.242 kern_pledge.c > --- kern_pledge.c 20 Aug 2018 10:00:04 -0000 1.242 > +++ kern_pledge.c 12 Sep 2018 09:46:16 -0000 > @@ -623,6 +623,7 @@ pledge_namei(struct proc *p, struct name > } else > return (pledge_fail(p, error, PLEDGE_GETPW)); > } > + break; > case SYS_open: > /* daemon(3) or other such functions */ > if ((ni->ni_pledge & ~(PLEDGE_RPATH | PLEDGE_WPATH)) == 0 && >
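
Review bot: nothing around the restored `break;` ahead of `case SYS_open:` marks which case labels in pledge_namei() are allowed to fall through, so the same kind of silent removal that happened in 1.236 can recur and again depend on a static analyzer to be noticed. Consider annotating any fallthrough in this switch that is intentional with a `/* FALLTHROUGH */` comment, so that an unannotated fallthrough stands out in review. The commit log should also name 1.236 as the revision that dropped the break, since the effect described in the reply (paths meant only for open(2) also being accepted for the preceding case) is a change in what pledge permits and is worth being able to trace.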
