author | Bob Beck <beck@cvs.openbsd.org> | 2018-08-05 14:23:58 +0000 |
---|---|---|
committer | Bob Beck <beck@cvs.openbsd.org> | 2018-08-05 14:23:58 +0000 |
commit | cf7832bf479e6eb3abae1ca89d2faa68cef42a75 (patch) | |
tree | 6bac65c4fa10dcf734e866c0170e71e863fb313c /sys/kern/exec_elf.c | |
parent | 019dcb6d0e1163bcc7709bf484fc64bc19c9ce3d (diff) |
Decouple unveil from the pledge flags, by adding dedicated unveil flags
to the namei args. This fixes a bug where chmod would be allowed when
with only READ. This also allows some further cleanup of some awkward
things like PLEDGE_STAT that will follow.
Lots of assistance from semarie@ - thanks!
ok semarie@
Diffstat (limited to 'sys/kern/exec_elf.c')
-rw-r--r-- | sys/kern/exec_elf.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/kern/exec_elf.c b/sys/kern/exec_elf.c index 4af0134b9b0..79cbce3f885 100644 --- a/sys/kern/exec_elf.c +++ b/sys/kern/exec_elf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: exec_elf.c,v 1.145 2018/07/20 21:57:26 deraadt Exp $ */ +/* $OpenBSD: exec_elf.c,v 1.146 2018/08/05 14:23:57 beck Exp $ */ /* * Copyright (c) 1996 Per Fogelstrom @@ -332,6 +332,7 @@ elf_load_file(struct proc *p, char *path, struct exec_package *epp, NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_SYSSPACE, path, p); nd.ni_pledge = PLEDGE_RPATH; + nd.ni_unveil = UNVEIL_READ; if ((error = namei(&nd)) != 0) { return (error); } |
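Review bot: In the elf_load_file() hunk, the added `nd.ni_unveil = UNVEIL_READ;` has no comment explaining why read is the right unveil permission for a path that is being looked up in order to load an ELF file, and the commit message only describes the chmod case. Since ni_pledge and ni_unveil are now set separately after NDINIT, a one-line comment above the assignment stating that this lookup needs read access only would make the intent checkable, and it would help to confirm in review that no other NDINIT call site that sets ni_pledge is left without a matching ni_unveil, which cannot be verified from a diffstat limited to this file.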