summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlexander Bluhm <bluhm@cvs.openbsd.org>2015-12-03 16:50:45 +0000
committerAlexander Bluhm <bluhm@cvs.openbsd.org>2015-12-03 16:50:45 +0000
commita20e116c75f242a9205b4c63f7095dfaee10e601 (patch)
tree283668830424cb01b78a4633cf66581c08ea8e5a
parentdff17dbfaf3a4db17a3050046e0cf30ecc6bb481 (diff)
Remove the /usr/share/nls/ exception from pledge(2). The libc
native language support was deleted a month ago at u2k15. OK semarie@ deraadt@
-rw-r--r--lib/libc/sys/pledge.214
-rw-r--r--sys/kern/kern_pledge.c9
2 files changed, 6 insertions, 17 deletions
diff --git a/lib/libc/sys/pledge.2 b/lib/libc/sys/pledge.2
index 7ed16e63a63..d9867608d00 100644
--- a/lib/libc/sys/pledge.2
+++ b/lib/libc/sys/pledge.2
@@ -1,4 +1,4 @@
-.\" $OpenBSD: pledge.2,v 1.18 2015/12/01 15:14:24 millert Exp $
+.\" $OpenBSD: pledge.2,v 1.19 2015/12/03 16:50:44 bluhm Exp $
.\"
.\" Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: December 1 2015 $
+.Dd $Mdocdate: December 3 2015 $
.Dt PLEDGE 2
.Os
.Sh NAME
@@ -91,13 +91,9 @@ isn't allowed.
.Pp
.It Xr open 2
May open
-.Pa /etc/localtime ,
-any files below
-.Pa /usr/share/zoneinfo
-and files ending in
-.Pa libc.cat
-below the directory
-.Pa /usr/share/nls/ .
+.Pa /etc/localtime
+and any files below
+.Pa /usr/share/zoneinfo .
.Pp
.It Xr readlink 2
May operate on
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 37146f4f0b3..189f1e66f92 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_pledge.c,v 1.129 2015/12/03 16:05:51 benno Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.130 2015/12/03 16:50:44 bluhm Exp $ */
/*
* Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -717,13 +717,6 @@ pledge_namei(struct proc *p, struct nameidata *ni, char *origpath)
strcmp(path, "/etc/localtime") == 0)
return (0);
- /* /usr/share/nls/../libc.cat has to succeed for strerror(3). */
- if ((ni->ni_pledge == PLEDGE_RPATH) &&
- strncmp(path, "/usr/share/nls/",
- sizeof("/usr/share/nls/") - 1) == 0 &&
- strcmp(path + strlen(path) - 9, "/libc.cat") == 0)
- return (0);
-
break;
case SYS_readlink:
/* Allow /etc/malloc.conf for malloc(3). */