diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2022-09-02 07:37:58 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2022-09-02 07:37:58 +0000 |
| commit | 9b6d7de948017a16721bf5ca1df270a39ef0d28a (patch) | |
| tree | 0b93f88efda91cec8943ac37f2d7f39b34220fb0 | |
| parent | 8b5ea5b7dd7eda6f56c2061daeda74498a0075c3 (diff) | |
openpty() family of functions use /dev/ptm PTMGET to open a master+slave fd
pair, and also provides their names. Internally, 3 NDINIT+namei operations
access /dev/[tp]ty[p-zP-T][0-9a-zA-Z], of these 2 followed unveil restrictions.
I argue if you unveil /dev/ptm, (and not the 372 other nodes), you still want
openpty() to provide you with working fd's, and the names, which the caller
will probably never open manually, because the fd's are given.
So change all NDINIT to use KERNELPATH, bypassing unveil.
ok semarie
| -rw-r--r-- | sys/kern/tty_pty.c | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/sys/kern/tty_pty.c b/sys/kern/tty_pty.c index 49683f44005..2d51d9caf2c 100644 --- a/sys/kern/tty_pty.c +++ b/sys/kern/tty_pty.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tty_pty.c,v 1.113 2022/07/02 08:50:42 visa Exp $ */ +/* $OpenBSD: tty_pty.c,v 1.114 2022/09/02 07:37:57 deraadt Exp $ */ /* $NetBSD: tty_pty.c,v 1.33.4.1 1996/06/02 09:08:11 mrg Exp $ */ /* @@ -1110,7 +1110,7 @@ retry: if ((error = check_pty(newdev))) goto bad; pti = pt_softc[minor(newdev)]; - NDINIT(&cnd, LOOKUP, NOFOLLOW|LOCKLEAF, UIO_SYSSPACE, + NDINIT(&cnd, LOOKUP, NOFOLLOW|LOCKLEAF|KERNELPATH, UIO_SYSSPACE, pti->pty_pn, p); cnd.ni_pledge = PLEDGE_RPATH | PLEDGE_WPATH; if ((error = ptm_vn_open(&cnd)) != 0) { @@ -1137,10 +1137,9 @@ retry: * 2. Revoke all the users of the slave. * 3. open the slave. */ - NDINIT(&snd, LOOKUP, NOFOLLOW|LOCKLEAF, UIO_SYSSPACE, + NDINIT(&snd, LOOKUP, NOFOLLOW|LOCKLEAF|KERNELPATH, UIO_SYSSPACE, pti->pty_sn, p); snd.ni_pledge = PLEDGE_RPATH | PLEDGE_WPATH; - snd.ni_unveil = UNVEIL_READ | UNVEIL_WRITE; if ((error = namei(&snd)) != 0) goto bad; if ((snd.ni_vp->v_mount->mnt_flag & MNT_RDONLY) == 0) { @@ -1172,10 +1171,9 @@ retry: */ vrele(snd.ni_vp); - NDINIT(&snd, LOOKUP, NOFOLLOW|LOCKLEAF, UIO_SYSSPACE, + NDINIT(&snd, LOOKUP, NOFOLLOW|LOCKLEAF|KERNELPATH, UIO_SYSSPACE, pti->pty_sn, p); snd.ni_pledge = PLEDGE_RPATH | PLEDGE_WPATH; - snd.ni_unveil= UNVEIL_READ | UNVEIL_WRITE; /* now open it */ if ((error = ptm_vn_open(&snd)) != 0) goto bad; |