From 392c528c9ea324559a22167da98ae00cf2974225 Mon Sep 17 00:00:00 2001
From: Theo de Raadt
Date: Mon, 13 Aug 2018 23:12:40 +0000
Subject: Instead of using BYPASSUNVEIL at NDINIT time, use KERNELPATH to indicate we want to skip all userland-related checks. Discussed with beck and semarie, tested by stsp.
---
 sys/dev/firmload.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/sys/dev/firmload.c b/sys/dev/firmload.c
index 9c258d9d80f..e8ade9e3ece 100644
--- a/sys/dev/firmload.c
+++ b/sys/dev/firmload.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: firmload.c,v 1.15 2018/08/05 23:19:49 deraadt Exp $ */
+/* $OpenBSD: firmload.c,v 1.16 2018/08/13 23:12:39 deraadt Exp $ */
 
 /*
 * Copyright (c) 2004 Theo de Raadt
@@ -25,6 +25,7 @@
 #include
 #include
 #include
+#include
 
 int
 loadfirmware(const char *name, u_char **bufp, size_t *buflen)
@@ -50,8 +51,9 @@ loadfirmware(const char *name, u_char **bufp, size_t *buflen)
 goto err;
 }
 
- NDINIT(&nid, LOOKUP, NOFOLLOW|LOCKLEAF, UIO_SYSSPACE, path, p);
- nid.ni_cnd.cn_flags |= BYPASSUNVEIL;
+ NDINIT(&nid, LOOKUP, NOFOLLOW|LOCKLEAF|KERNELPATH,
+ UIO_SYSSPACE, path, p);
+ nid.ni_pledge = PLEDGE_RPATH;
 error = namei(&nid);
 #ifdef RAMDISK_HOOKS
 /* try again with mounted disk */
@@ -62,8 +64,9 @@ loadfirmware(const char *name, u_char **bufp, size_t *buflen)
 goto err;
 }
 
- NDINIT(&nid, LOOKUP, NOFOLLOW|LOCKLEAF, UIO_SYSSPACE, path, p);
- nid.ni_cnd.cn_flags |= BYPASSUNVEIL;
+ NDINIT(&nid, LOOKUP, NOFOLLOW|LOCKLEAF|KERNELPATH,
+ UIO_SYSSPACE, path, p);
+ nid.ni_pledge = PLEDGE_RPATH;
 error = namei(&nid);
 }
 #endif
-- 
cgit v1.2.3
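Review bot: The added `nid.ni_pledge = PLEDGE_RPATH;` in the first lookup of loadfirmware() (and again in the RAMDISK_HOOKS retry hunk) carries no comment, and it reads oddly beside KERNELPATH, which the commit message describes as skipping all userland-related checks. A one-line comment above each NDINIT would help the next reader, for example `/* kernel-built path: KERNELPATH exempts this lookup from the calling process's restrictions; ni_pledge is still filled in for namei() */`; the second half of that wording is my inference and should be confirmed against namei(). Because the flag disables per-process path restrictions for this lookup, it is only appropriate while `path` is assembled entirely inside the kernel. The function body starts and ends outside both hunks, so how `path` is derived from `name` is not visible here and is worth confirming before relying on that.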