summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>2015-10-16 14:20:49 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2015-10-16 14:20:49 +0000
commitcbb1042b55755d8a54ff1299af6b295a9bfe752f (patch)
treea44bd6ad00869bf9262d5cb3c9611e589fd79877 /sys
parentea08abed08c3c65d98b795af5b6720b0bb9fd80c (diff)
Always allow a r/w opening of /dev/null though the namei check. This
pattern is common, especially because of daemon(3) usage. Will probably help some daemons move their pledge() calls further upwards. ok doug,
Diffstat (limited to 'sys')
-rw-r--r--sys/kern/kern_pledge.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index b3e3f298615..6bcbaf2f15f 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_pledge.c,v 1.36 2015/10/16 14:04:11 semarie Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.37 2015/10/16 14:20:48 deraadt Exp $ */
/*
* Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -537,6 +537,13 @@ pledge_namei(struct proc *p, char *origpath)
return (0);
break;
case SYS_open:
+ /* daemon(3) or other such functions */
+ if ((p->p_pledgenote == TMN_RPATH ||
+ p->p_pledgenote == TMN_WPATH)) {
+ if (strcmp(path, "/dev/null") == 0)
+ return (0);
+ }
+
/* getpw* and friends need a few files */
if ((p->p_pledgenote == TMN_RPATH) &&
(p->p_p->ps_pledge & PLEDGE_GETPW)) {