From 240eb9bf1bbe66bc93496b694b6faa1f7fc85763 Mon Sep 17 00:00:00 2001 From: Reyk Floeter Date: Fri, 13 Jul 2018 10:26:58 +0000 Subject: Check the disk/kernel/cdrom file permissions after openening the fd. This prevents time of TOCTOU attacks for instances. OK mlarkin@ --- usr.sbin/vmd/vmd.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'usr.sbin/vmd/vmd.h') diff --git a/usr.sbin/vmd/vmd.h b/usr.sbin/vmd/vmd.h index 7da53185887..bf670f5eb95 100644 --- a/usr.sbin/vmd/vmd.h +++ b/usr.sbin/vmd/vmd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: vmd.h,v 1.76 2018/07/13 08:42:49 reyk Exp $ */ +/* $OpenBSD: vmd.h,v 1.77 2018/07/13 10:26:57 reyk Exp $ */ /* * Copyright (c) 2015 Mike Larkin @@ -149,6 +149,9 @@ struct vmop_create_params { #define VMOP_CREATE_CDROM 0x20 #define VMOP_CREATE_INSTANCE 0x40 + /* same flags; check for access to these resources */ + unsigned int vmc_checkaccess; + /* userland-only part of the create params */ unsigned int vmc_ifflags[VMM_MAX_NICS_PER_VM]; #define VMIFF_UP 0x01 @@ -321,7 +324,7 @@ void vm_remove(struct vmd_vm *, const char *); int vm_register(struct privsep *, struct vmop_create_params *, struct vmd_vm **, uint32_t, uid_t); int vm_checkperm(struct vmd_vm *, struct vmop_owner *, uid_t); -int vm_checkaccess(const char *, uid_t, int); +int vm_checkaccess(int, unsigned int, uid_t, int); int vm_opentty(struct vmd_vm *); void vm_closetty(struct vmd_vm *); void switch_remove(struct vmd_switch *); -- cgit v1.2.3