-rw-r--r-- | sys/kern/kern_unveil.c | 28 | ||||
-rw-r--r-- | sys/kern/vfs_syscalls.c | 11 | ||||
-rw-r--r-- | sys/sys/namei.h | 4 | ||||
-rw-r--r-- | sys/sys/proc.h | 20 |
4 files changed, 33 insertions, 30 deletions
diff --git a/sys/kern/kern_unveil.c b/sys/kern/kern_unveil.c index 1a2f281e94b..31a52b89d13 100644 --- a/sys/kern/kern_unveil.c +++ b/sys/kern/kern_unveil.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_unveil.c,v 1.36 2020/01/22 07:52:37 deraadt Exp $ */ +/* $OpenBSD: kern_unveil.c,v 1.37 2020/03/19 13:55:20 anton Exp $ */ /* * Copyright (c) 2017-2019 Bob Beck <beck@openbsd.org> @@ -38,6 +38,23 @@ #include <sys/pledge.h> +struct unvname { + char *un_name; + size_t un_namesize; + u_char un_flags; + RBT_ENTRY(unvnmae) un_rbt; +}; + +RBT_HEAD(unvname_rbt, unvname); + +struct unveil { + struct vnode *uv_vp; + ssize_t uv_cover; + struct unvname_rbt uv_names; + struct rwlock uv_lock; + u_char uv_flags; +}; + /* #define DEBUG_UNVEIL */ #define UNVEIL_MAX_VNODES 128 @@ -639,6 +656,15 @@ unveil_add(struct proc *p, struct nameidata *ndp, const char *permissions) done: if (ret == 0) unveil_add_traversed_vnodes(p, ndp); + + pr->ps_uvpcwd = unveil_lookup(p->p_fd->fd_cdir, pr, NULL); + if (pr->ps_uvpcwd == NULL) { + ssize_t i = unveil_find_cover(p->p_fd->fd_cdir, p); + + if (i >= 0) + pr->ps_uvpcwd = &pr->ps_uvpaths[i]; + } + return ret; } diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 3a8c9208f9e..44dcf3c117e 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vfs_syscalls.c,v 1.343 2020/03/13 10:07:01 anton Exp $ */ +/* $OpenBSD: vfs_syscalls.c,v 1.344 2020/03/19 13:55:20 anton Exp $ */ /* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */ /* @@ -1034,15 +1034,8 @@ sys_unveil(struct proc *p, void *v, register_t *retval) if (nd.ni_dvp && nd.ni_dvp != nd.ni_vp) VOP_UNLOCK(nd.ni_dvp); - if (allow) { + if (allow) error = unveil_add(p, &nd, permissions); - pr->ps_uvpcwd = unveil_lookup(p->p_fd->fd_cdir, pr, NULL); - if (pr->ps_uvpcwd == NULL) { - ssize_t i = unveil_find_cover(p->p_fd->fd_cdir, p); - if (i >= 0) - pr->ps_uvpcwd = &pr->ps_uvpaths[i]; - } - } else error = EPERM; 
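Review bot: The `RBT_ENTRY(unvnmae) un_rbt;` member in the relocated `struct unvname` carries over a misspelled type name from proc.h and should read `RBT_ENTRY(unvname) un_rbt;`. It presumably builds only because the macro ignores its argument, but the typo misleads anyone searching for users of the type. This hunk adds no `#include <sys/tree.h>` while proc.h drops its own, so the RBT macros seem to arrive through another header; an explicit include here would remove that dependency. Since both structs now live only in this file, a header comment would help, e.g. `/* Private to kern_unveil.c; other files see only the forward declaration of struct unveil. */`.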
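Review bot: The `ps_uvpcwd` recomputation added after `done:` sits outside the `if (ret == 0)` test, so it also runs when unveil_add() is returning an error, and nothing in the hunk says that is intended. It matches the code removed from sys_unveil(), which ran after every unveil_add() call, so behaviour looks unchanged, but a comment would record it: `/* Recompute the unveil covering the cwd on every exit path, including errors. */`. When neither unveil_lookup() nor unveil_find_cover() finds a match, `ps_uvpcwd` is left NULL; it is worth confirming that every reader of the field treats NULL as "cwd is not covered" rather than as "no restriction". The body of unveil_add() starts outside the hunk, so the declaration of `pr` is not visible here.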
diff --git a/sys/sys/namei.h b/sys/sys/namei.h index 0c72abd4d52..975dfa9b2f5 100644 --- a/sys/sys/namei.h +++ b/sys/sys/namei.h @@ -1,4 +1,4 @@ -/* $OpenBSD: namei.h,v 1.44 2019/11/29 20:58:17 guenther Exp $ */ +/* $OpenBSD: namei.h,v 1.45 2020/03/19 13:55:20 anton Exp $ */ /* $NetBSD: namei.h,v 1.11 1996/02/09 18:25:20 christos Exp $ */ /* @@ -39,6 +39,8 @@ #include <sys/tree.h> #include <sys/uio.h> +struct unveil; + /* * Encapsulation of namei parameters. */ diff --git a/sys/sys/proc.h b/sys/sys/proc.h index 5378afa7717..d6f3b225de3 100644 --- a/sys/sys/proc.h +++ b/sys/sys/proc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: proc.h,v 1.291 2020/03/18 15:48:22 visa Exp $ */ +/* $OpenBSD: proc.h,v 1.292 2020/03/19 13:55:20 anton Exp $ */ /* $NetBSD: proc.h,v 1.44 1996/04/22 01:23:21 christos Exp $ */ /*- @@ -50,7 +50,6 @@ #include <sys/resource.h> /* For struct rusage */ #include <sys/rwlock.h> /* For struct rwlock */ #include <sys/sigio.h> /* For struct sigio */ -#include <sys/tree.h> #ifdef _KERNEL #include <sys/atomic.h> @@ -129,15 +128,6 @@ struct tusage { uint64_t tu_iticks; /* Statclock hits processing intr. */ }; -struct unvname { - char *un_name; - size_t un_namesize; - u_char un_flags; - RBT_ENTRY(unvnmae) un_rbt; -}; - -RBT_HEAD(unvname_rbt, unvname); - /* * Description of a process. * @@ -464,14 +454,6 @@ struct proc { #ifdef _KERNEL -struct unveil { - struct vnode *uv_vp; - ssize_t uv_cover; - struct unvname_rbt uv_names; - struct rwlock uv_lock; - u_char uv_flags; -}; - struct uidinfo { LIST_ENTRY(uidinfo) ui_hash; uid_t ui_uid; |