diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2022-11-09 22:25:09 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2022-11-09 22:25:09 +0000 |
| commit | be9ceb726d8bd7c50fe6d13eec8637f2aaa66807 (patch) | |
| tree | d190a2dce61d9275ebff223f5d821338bedc8cd1 | |
| parent | abbbfc246eb2c15e1e6b428fcba61d245c36ea23 (diff) | |
Some limited setsockopt/getsockopt are allowed in pledge "stdio".
Also allow IPPROTO_TCP:TCP_NODELAY
It is very small kernel code, and will allow some software to drop "inet"
requested by djm
| -rw-r--r-- | sys/kern/kern_pledge.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c index e78f941cb77..af2a80cd8d7 100644 --- a/sys/kern/kern_pledge.c +++ b/sys/kern/kern_pledge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_pledge.c,v 1.297 2022/11/08 19:17:58 robert Exp $ */ +/* $OpenBSD: kern_pledge.c,v 1.298 2022/11/09 22:25:08 deraadt Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org> @@ -1374,6 +1374,11 @@ pledge_sockopt(struct proc *p, int set, int level, int optname) return (0); } break; + case IPPROTO_TCP: + switch (optname) { + case TCP_NODELAY: + return (0); + break; } if ((pledge & PLEDGE_WROUTE)) { @@ -1426,7 +1431,6 @@ pledge_sockopt(struct proc *p, int set, int level, int optname) switch (level) { case IPPROTO_TCP: switch (optname) { - case TCP_NODELAY: case TCP_MD5SIG: case TCP_SACK_ENABLE: case TCP_MAXSEG: |