summaryrefslogtreecommitdiff
path: root/sys/kern/kern_pledge.c
diff options
context:
space:
mode:
authorSebastien Marie <semarie@cvs.openbsd.org>2016-05-15 05:04:29 +0000
committerSebastien Marie <semarie@cvs.openbsd.org>2016-05-15 05:04:29 +0000
commit188283dd59b2141b721f4a456450c5753570c137 (patch)
treebb28c3223e1696eb8cf9e6f1d6ed90e6a5728837 /sys/kern/kern_pledge.c
parent7435f9660783d61d893016ae30a38d6d3f440409 (diff)
remove chroot(2) from allowed syscalls under pledge(2).
please note that chrooted process are still possible with pledge(2), but only if the chroot(2) is done *before* calling pledge(2). Once pledged, no more chroot(2) call are permitted.
Diffstat (limited to 'sys/kern/kern_pledge.c')
-rw-r--r--sys/kern/kern_pledge.c4
1 files changed, 1 insertions, 3 deletions
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index e30e3ee95e5..4284c4bd5c7 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_pledge.c,v 1.165 2016/04/28 14:25:08 beck Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.166 2016/05/15 05:04:28 semarie Exp $ */
/*
* Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -309,8 +309,6 @@ const uint64_t pledge_syscalls[SYS_MAXSYSCALL] = {
[SYS_mkfifo] = PLEDGE_DPATH,
[SYS_mknod] = PLEDGE_DPATH,
- [SYS_chroot] = PLEDGE_ID, /* also requires PLEDGE_PROC */
-
[SYS_revoke] = PLEDGE_TTY, /* also requires PLEDGE_RPATH */
/*
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-01 04:29:55 +0000