diff options
| author | Ted Unangst <tedu@cvs.openbsd.org> | 2024-02-15 18:57:59 +0000 |
|---|---|---|
| committer | Ted Unangst <tedu@cvs.openbsd.org> | 2024-02-15 18:57:59 +0000 |
| commit | 5ae30160c6232324a4b6c7403488452167136e4f (patch) | |
| tree | 25c4ba4b9ab71a539a41454eef3d9290de303a42 /usr.bin/doas | |
| parent | 64f0000613f021c377f73b63362e83efccd70069 (diff) | |
change permit to be more bits away from deny, because rowhammer.
not really sure why this is our problem, but the diff is small.
ok deraadt millert miod
Diffstat (limited to 'usr.bin/doas')
| -rw-r--r-- | usr.bin/doas/doas.c | 18 | ||||
| -rw-r--r-- | usr.bin/doas/doas.h | 4 |
2 files changed, 13 insertions, 9 deletions
diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c index 8b684d6006c..3999b2e2f64 100644 --- a/usr.bin/doas/doas.c +++ b/usr.bin/doas/doas.c @@ -1,4 +1,4 @@ -/* $OpenBSD: doas.c,v 1.98 2022/12/22 19:53:22 kn Exp $ */ +/* $OpenBSD: doas.c,v 1.99 2024/02/15 18:57:58 tedu Exp $ */ /* * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org> * @@ -145,8 +145,10 @@ permit(uid_t uid, gid_t *groups, int ngroups, const struct rule **lastr, *lastr = rules[i]; } if (!*lastr) + return -1; + if ((*lastr)->action == PERMIT) return 0; - return (*lastr)->action == PERMIT; + return -1; } static void @@ -181,6 +183,7 @@ checkconfig(const char *confpath, int argc, char **argv, uid_t uid, gid_t *groups, int ngroups, uid_t target) { const struct rule *rule; + int rv; setresuid(uid, uid, uid); if (pledge("stdio rpath getpw", NULL) == -1) @@ -188,9 +191,9 @@ checkconfig(const char *confpath, int argc, char **argv, parseconfig(confpath, 0); if (!argc) exit(0); - - if (permit(uid, groups, ngroups, &rule, target, argv[0], - (const char **)argv + 1)) { + rv = permit(uid, groups, ngroups, &rule, target, argv[0], + (const char **)argv + 1); + if (rv == 0) { printf("permit%s\n", (rule->options & NOPASS) ? " nopass" : ""); exit(0); } else { @@ -412,8 +415,9 @@ main(int argc, char **argv) } cmd = argv[0]; - if (!permit(uid, groups, ngroups, &rule, target, cmd, - (const char **)argv + 1)) { + rv = permit(uid, groups, ngroups, &rule, target, cmd, + (const char **)argv + 1); + if (rv != 0) { syslog(LOG_AUTHPRIV | LOG_NOTICE, "command not permitted for %s: %s", mypw->pw_name, cmdline); errc(1, EPERM, NULL); diff --git a/usr.bin/doas/doas.h b/usr.bin/doas/doas.h index b98fe353b18..ce6a03618ac 100644 --- a/usr.bin/doas/doas.h +++ b/usr.bin/doas/doas.h @@ -1,4 +1,4 @@ -/* $OpenBSD: doas.h,v 1.19 2021/11/30 20:08:15 tobias Exp $ */ +/* $OpenBSD: doas.h,v 1.20 2024/02/15 18:57:58 tedu Exp $ */ /* * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org> * @@ -36,7 +36,7 @@ struct passwd; char **prepenv(const struct rule *, const struct passwd *, const struct passwd *); -#define PERMIT 1 +#define PERMIT -1 #define DENY 2 #define NOPASS 0x1 |