diff options
| author | Sebastien Marie <semarie@cvs.openbsd.org> | 2015-12-16 08:27:33 +0000 |
|---|---|---|
| committer | Sebastien Marie <semarie@cvs.openbsd.org> | 2015-12-16 08:27:33 +0000 |
| commit | 2a602b0522534027fef30565d409c641a269d3ff (patch) | |
| tree | 5402039514d1a497ebf640f30069ef99eed6801e /sys | |
| parent | 177fea08e7159e3cbf3f47ab89271d447273c3a9 (diff) | |
in pledged process, setuid/setgid/sticky bits should be ignored.
enforce it for mkfifo(2) and mknod(2) (with "dpath" promise).
ok deraadt@
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/kern/vfs_syscalls.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index c3a5d37d2b4..017ecd2ac88 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfs_syscalls.c,v 1.247 2015/12/05 10:11:53 tedu Exp $ */ +/* $OpenBSD: vfs_syscalls.c,v 1.248 2015/12/16 08:27:32 semarie Exp $ */ /* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */ /* @@ -1244,6 +1244,8 @@ domknodat(struct proc *p, int fd, const char *path, mode_t mode, dev_t dev) else { VATTR_NULL(&vattr); vattr.va_mode = (mode & ALLPERMS) &~ p->p_fd->fd_cmask; + if ((p->p_p->ps_flags & PS_PLEDGE)) + vattr.va_mode &= ACCESSPERMS; vattr.va_rdev = dev; switch (mode & S_IFMT) { |