diff options
| author | Sebastien Marie <semarie@cvs.openbsd.org> | 2016-05-15 05:04:29 +0000 |
|---|---|---|
| committer | Sebastien Marie <semarie@cvs.openbsd.org> | 2016-05-15 05:04:29 +0000 |
| commit | 188283dd59b2141b721f4a456450c5753570c137 (patch) | |
| tree | bb28c3223e1696eb8cf9e6f1d6ed90e6a5728837 /sys/kern/vfs_syscalls.c | |
| parent | 7435f9660783d61d893016ae30a38d6d3f440409 (diff) | |
remove chroot(2) from allowed syscalls under pledge(2).
please note that chrooted process are still possible with pledge(2), but only
if the chroot(2) is done *before* calling pledge(2). Once pledged, no more
chroot(2) call are permitted.
Diffstat (limited to 'sys/kern/vfs_syscalls.c')
| -rw-r--r-- | sys/kern/vfs_syscalls.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 3da1fe512d7..7a0aa126a59 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfs_syscalls.c,v 1.253 2016/03/27 11:39:37 bluhm Exp $ */ +/* $OpenBSD: vfs_syscalls.c,v 1.254 2016/05/15 05:04:28 semarie Exp $ */ /* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */ /* @@ -755,7 +755,6 @@ sys_chroot(struct proc *p, void *v, register_t *retval) return (error); NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE, SCARG(uap, path), p); - nd.ni_pledge = PLEDGE_ID | PLEDGE_PROC | PLEDGE_RPATH; if ((error = change_dir(&nd, p)) != 0) return (error); if (fdp->fd_rdir != NULL) { |