-rw-r--r-- | sys/kern/kern_unveil.c | 14 | ||||
-rw-r--r-- | sys/sys/acct.h | 3 |
2 files changed, 12 insertions, 5 deletions
diff --git a/sys/kern/kern_unveil.c b/sys/kern/kern_unveil.c index 315d56fac6b..4d20e067b94 100644 --- a/sys/kern/kern_unveil.c +++ b/sys/kern/kern_unveil.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_unveil.c,v 1.27 2019/07/14 03:26:02 guenther Exp $ */ +/* $OpenBSD: kern_unveil.c,v 1.28 2019/07/25 09:37:32 bluhm Exp $ */ /* * Copyright (c) 2017-2019 Bob Beck <beck@openbsd.org> @@ -18,6 +18,7 @@ #include <sys/param.h> +#include <sys/acct.h> #include <sys/mount.h> #include <sys/filedesc.h> #include <sys/proc.h> @@ -823,6 +824,7 @@ unveil_check_final(struct proc *p, struct nameidata *ni) " vnode %p\n", p->p_p->ps_comm, p->p_p->ps_pid, ni->ni_vp); #endif + p->p_p->ps_acflag |= AUNVEIL; if (uv->uv_flags & UNVEIL_USERSET) return EACCES; else @@ -865,10 +867,11 @@ unveil_check_final(struct proc *p, struct nameidata *ni) * EACCESS. Otherwise, use any covering match * that we found above this dir. */ - if (uv->uv_flags & UNVEIL_USERSET) + if (uv->uv_flags & UNVEIL_USERSET) { + p->p_p->ps_acflag |= AUNVEIL; return EACCES; - else - goto done; + } + goto done; } /* directory flags match, update match */ if (uv->uv_flags & UNVEIL_USERSET) @@ -881,6 +884,7 @@ unveil_check_final(struct proc *p, struct nameidata *ni) printf("unveil: %s(%d) flag mismatch for terminal '%s'\n", p->p_p->ps_comm, p->p_p->ps_pid, tname->un_name); #endif + p->p_p->ps_acflag |= AUNVEIL; return EACCES; } /* name and flags match in this dir. update match*/ @@ -903,8 +907,10 @@ done: p->p_p->ps_comm, p->p_p->ps_pid, ni->ni_cnd.cn_nameptr, ni->ni_unveil_match->uv_vp); #endif + p->p_p->ps_acflag |= AUNVEIL; return EACCES; } + p->p_p->ps_acflag |= AUNVEIL; return ENOENT; } diff --git a/sys/sys/acct.h b/sys/sys/acct.h index 4e17b45c03b..f10e6c2e0a9 100644 --- a/sys/sys/acct.h +++ b/sys/sys/acct.h @@ -1,4 +1,4 @@ -/* $OpenBSD: acct.h,v 1.7 2017/06/08 17:14:02 bluhm Exp $ */ +/* $OpenBSD: acct.h,v 1.8 2019/07/25 09:37:32 bluhm Exp $ */ /* $NetBSD: acct.h,v 1.16 1995/03/26 20:23:52 jtc Exp $ */ /*- 
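Review bot: In the hunk at -823 the new `p->p_p->ps_acflag |= AUNVEIL;` sits ahead of the `UNVEIL_USERSET` test, so it is recorded on both arms, whereas the hunk at -865 sets it only inside the `EACCES` arm and leaves the `goto done` arm to the writes added near `done:`. The `else` arm at -823 lies outside the hunk, as does most of `unveil_check_final`, so confirm that arm always returns an error; otherwise a lookup that is ultimately allowed would still be marked in the accounting record. A one-line comment such as `/* flag mismatch: record the violation regardless of USERSET */` would make the intent explicit. Because the same statement now precedes five separate returns (also in the hunks at -881 and -903), a small static helper that sets the flag and returns the errno would keep a later return path from going unrecorded.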
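Review bot: The write added before `return ENOENT` at the end of the `done:` hunk means the accounting bit is also set when a lookup simply misses the unveil set, not only on the `EACCES` denials. Nothing in these hunks terminates the process, so AUNVEIL appears to be a sticky per-process marker rather than a cause of death like the neighbouring `APLEDGE`, and it can be raised by a program that merely probes paths it was never given. I would document that at the site, for example `/* not fatal: at least one lookup was refused by unveil */`, so that people triaging accounting records do not read it as a kill reason. The refused name is only printed inside the conditional debug block closed by `#endif`, so the accounting record by itself carries no detail about what was refused.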
@@ -63,6 +63,7 @@ struct acct { #define AXSIG 0x10 /* killed by a signal */ #define APLEDGE 0x20 /* killed due to pledge violation */ #define ATRAP 0x40 /* memory access violation */ +#define AUNVEIL 0x80 /* unveil access violation */ u_int8_t ac_flag; /* accounting flags */ }; |
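Review bot: `AUNVEIL 0x80` takes the top bit of the `u_int8_t ac_flag` field declared just below it, so after this change no higher flag value fits in the record. A further flag would need a wider field, which changes the layout of `struct acct` for every reader of the accounting file. A comment next to the define, such as `/* 0x80 is the last bit available in ac_flag */`, would warn the next editor. The diffstat lists only the two kernel files, so tools that decode `ac_flag` presumably need a matching update elsewhere before the new bit shows up in reports.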