From 797e138cc9e968544a3f8ebae58afab26deb8751 Mon Sep 17 00:00:00 2001
From: Sebastien Marie
Date: Wed, 28 Oct 2015 14:07:59 +0000
Subject: make sys_chroot() only allowed to be used when pledged, with "rpath id proc". the previous check in pledge_namei() was incomplete. For using SYS_chroot we needed "id", and we could have passed pledge_namei() just with "rpath" (without using the now removed whitelisted entry). the check for "rpath id proc" is now done using p_pledgenote: pledge_namei() will check that the pledgenote is permitted by your pledge. "go ahead" deraadt@
---
 sys/kern/kern_pledge.c | 7 +------
 sys/kern/vfs_syscalls.c | 4 ++--
 2 files changed, 3 insertions(+), 8 deletions(-)
(limited to 'sys')
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index 6a50f2353cf..31a6b3e7ad6 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_pledge.c,v 1.87 2015/10/28 13:59:07 semarie Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.88 2015/10/28 14:07:58 semarie Exp $ */

 /*
 * Copyright (c) 2015 Nicholas Marriott
@@ -657,11 +657,6 @@ pledge_namei(struct proc *p, char *origpath)
 strcmp(path, "/etc/resolv.conf") == 0)
 return (0);
 break;
- case SYS_chroot:
- /* Allowed for "proc id" */
- if ((p->p_p->ps_pledge & PLEDGE_PROC))
- return (0);
- break;
 }

 /*
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 02a60c90e91..ebc165ef135 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: vfs_syscalls.c,v 1.234 2015/10/28 11:18:58 deraadt Exp $ */
+/* $OpenBSD: vfs_syscalls.c,v 1.235 2015/10/28 14:07:58 semarie Exp $ */
 /* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */

 /*
@@ -760,7 +760,7 @@ sys_chroot(struct proc *p, void *v, register_t *retval)

 if ((error = suser(p, 0)) != 0)
 return (error);
- p->p_pledgenote = PLEDGE_RPATH;
+ p->p_pledgenote = PLEDGE_ID | PLEDGE_PROC | PLEDGE_RPATH;
 NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE, SCARG(uap, path), p);
 if ((error = change_dir(&nd, p)) != 0)
--
cgit v1.2.3
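Review bot: The new `p->p_pledgenote = PLEDGE_ID | PLEDGE_PROC | PLEDGE_RPATH;` line in sys_chroot() now carries the whole pledge policy for chroot but has no comment, and the only in-code statement of that policy (the `/* Allowed for "proc id" */` comment in pledge_namei()) is removed by this same commit. I would add above the assignment `/* pledged callers need "rpath id proc"; enforced by pledge_namei() via p_pledgenote */` so the three flags are not later trimmed back to PLEDGE_RPATH. The fix also depends on pledge_namei() rejecting the lookup when any one bit of the note is missing from ps_pledge, rather than accepting it when at least one bit matches; that comparison is not visible in this diff and is worth confirming against the commit description. sys_chroot() starts and ends outside the hunk.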