author | kn <kn@cvs.openbsd.org> | 2021-01-20 07:30:52 +0000 |
---|---|---|
committer | kn <kn@cvs.openbsd.org> | 2021-01-20 07:30:52 +0000 |
commit | a092172f5f395e53a68148f7ce5b67f87f8a0741 (patch) | |
tree | 901cbbb44c4089fda229d45e068ff8e2231ef3ba /usr.bin | |
parent | 2155bdf5d993d82690499e7d2631836cae42faa6 (diff) |
Pledge before authentication when possible
Generally, pledging before parsing the file seems hardly possible due to
unveil() being involved.
Pledging in case of the winning rule being a "persist" one is not possible
either due to TIOC{SET,CHK}VERAUTH not being allowed in the "tty" pledge.
But if "persist" is not used, we can pledge before authentication
without having to hoist or change anything.
Feedback deraadt tedu
OK tedu
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/doas/doas.c | 14 |
1 file changed, 9 insertions, 5 deletions
diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c index 12ccf25c970..ff3a59c881d 100644 --- a/usr.bin/doas/doas.c +++ b/usr.bin/doas/doas.c @@ -1,4 +1,4 @@ -/* $OpenBSD: doas.c,v 1.86 2021/01/16 09:18:41 martijn Exp $ */ +/* $OpenBSD: doas.c,v 1.87 2021/01/20 07:30:51 kn Exp $ */ /* * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org> * @@ -206,11 +206,15 @@ authuser(char *myname, char *login_style, int persist) auth_session_t *as; int fd = -1; - if (persist) + if (persist) { fd = open("/dev/tty", O_RDWR); - if (fd != -1) { - if (ioctl(fd, TIOCCHKVERAUTH) == 0) - goto good; + if (fd != -1) { + if (ioctl(fd, TIOCCHKVERAUTH) == 0) + goto good; + } + } else { + if (pledge("stdio rpath getpw exec id unveil", NULL) == -1) + err(1, "pledge"); } if (!(as = auth_userchallenge(myname, login_style, "auth-doas", |
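Review bot: the new pledge("stdio rpath getpw exec id unveil", NULL) in the else branch of authuser() takes effect immediately before the auth_userchallenge() call that follows it and therefore covers the rest of the authentication path, so it should be checked against pledge(2) and auth_subr(3) that nothing later in authuser() needs a promise that is absent from this list; in particular "proc" for the child process the BSD auth framework forks to run the login_* style script, and "tty" for any terminal-mode changes made while prompting for the passphrase (the commit message explains only why the "persist" branch cannot pledge, not why the non-persist branch can do without these). The promise string is also hard-coded inside a helper; a one-line comment above the pledge() call saying that it deliberately covers only the non-persist case would keep the next reader from "fixing" it by hoisting it above the if (persist) check. The nested open()/ioctl() under if (persist) { ... } is otherwise a faithful re-indent of the previous code and keeps fd available for the TIOCSETVERAUTH path after the good: label.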