author | Ted Unangst <tedu@cvs.openbsd.org> | 2016-09-02 18:11:29 +0000 |
---|---|---|
committer | Ted Unangst <tedu@cvs.openbsd.org> | 2016-09-02 18:11:29 +0000 |
commit | 6dad287e9d0d1aa7a403f69e6fd0f6d94691faad (patch) | |
tree | d44855b652de12d07d6f25154110382cca23f283 /sys/kern/kern_prot.c | |
parent | dc2535bc7e2ed20c8f1e9c852fcdd0bad7a48e48 (diff) |
add a concept of 'verified auth' to sessions. When set via ioctl,
the user and parent process are recorded. Later, this info may be tested
and used to bypass authorization requirements.
ie, doas won't ask for your password again.
Great idea from henning.
ok deraadt guenther henning
Diffstat (limited to 'sys/kern/kern_prot.c')
-rw-r--r-- | sys/kern/kern_prot.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 596be98f89e..ec9322bc426 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_prot.c,v 1.65 2016/03/30 07:49:11 guenther Exp $ */ +/* $OpenBSD: kern_prot.c,v 1.66 2016/09/02 18:11:28 tedu Exp $ */ /* $NetBSD: kern_prot.c,v 1.33 1996/02/09 18:59:42 christos Exp $ */ /* @@ -225,6 +225,7 @@ sys_setsid(struct proc *p, void *v, register_t *retval) pid_t pid = pr->ps_pid; newsess = pool_get(&session_pool, PR_WAITOK); + timeout_set(&newsess->s_verauthto, zapverauth, newsess); newpgrp = pool_get(&pgrp_pool, PR_WAITOK); if (pr->ps_pgid == pid || pgfind(pid)) { |
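Review bot: In the sys_setsid hunk, newsess is taken from pool_get(&session_pool, PR_WAITOK) without PR_ZERO, and the added timeout_set line initialises only s_verauthto. Nothing visible here clears the fields that record the verified user and parent process. Since the commit message says that state can later be used to bypass authorization, please confirm a fresh session starts with it explicitly cleared (here or where the rest of the session is filled in) so a recycled pool item cannot carry stale verified-auth data. Second point on the same line: zapverauth is registered with newsess as its argument, so the session release path, which is outside this file's diff, needs to cancel s_verauthto before the session is returned to session_pool. Otherwise a pending timeout would run against freed memory. The path taken when `if (pr->ps_pgid == pid || pgfind(pid))` is true is fine in this respect, because timeout_set only initialises the timeout and does not schedule it.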