diff options
| author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2015-10-16 14:20:49 +0000 |
|---|---|---|
| committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2015-10-16 14:20:49 +0000 |
| commit | cbb1042b55755d8a54ff1299af6b295a9bfe752f (patch) | |
| tree | a44bd6ad00869bf9262d5cb3c9611e589fd79877 /sys/kern | |
| parent | ea08abed08c3c65d98b795af5b6720b0bb9fd80c (diff) | |
Always allow a r/w opening of /dev/null though the namei check. This
pattern is common, especially because of daemon(3) usage. Will probably
help some daemons move their pledge() calls further upwards.
ok doug,
Diffstat (limited to 'sys/kern')
| -rw-r--r-- | sys/kern/kern_pledge.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c index b3e3f298615..6bcbaf2f15f 100644 --- a/sys/kern/kern_pledge.c +++ b/sys/kern/kern_pledge.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_pledge.c,v 1.36 2015/10/16 14:04:11 semarie Exp $ */ +/* $OpenBSD: kern_pledge.c,v 1.37 2015/10/16 14:20:48 deraadt Exp $ */ /* * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org> @@ -537,6 +537,13 @@ pledge_namei(struct proc *p, char *origpath) return (0); break; case SYS_open: + /* daemon(3) or other such functions */ + if ((p->p_pledgenote == TMN_RPATH || + p->p_pledgenote == TMN_WPATH)) { + if (strcmp(path, "/dev/null") == 0) + return (0); + } + /* getpw* and friends need a few files */ if ((p->p_pledgenote == TMN_RPATH) && (p->p_p->ps_pledge & PLEDGE_GETPW)) { |