authormestre <mestre@openbsd.org>2016-04-26 13:30:12 +0000
committermestre <mestre@openbsd.org>2016-04-26 13:30:12 +0000
commitd79ad1b7d9f60f10562f4ce10f07702d29ba559c (patch)
treec21f10353d6c16f65c545be776c8929ca34c7f9f
parentRestore intro comment to sr_hotspare_rebuild(), which was erroneously (diff)
Add pledge(2) promises independently on each user(8)'s functions as follows:
useradd: stdio rpath wpath cpath fattr flock proc exec getpw id usermod: stdio rpath wpath cpath fattr flock proc exec getpw id userdel: stdio rpath wpath cpath fattr flock proc exec getpw id userinfo: stdio getpw groupadd: stdio rpath wpath cpath fattr flock getpw groupmod: stdio rpath wpath cpath fattr flock groupdel: stdio rpath wpath cpath fattr flock groupinfo: stdio getpw This was extensively tested by me and tim@ who found some issues on my first versions. deraadt@ prodded me to commit this now to check who uses it in order to report back any fallbacks with the diff, if you find any please inform us.
-rw-r--r--usr.sbin/user/user.c37
1 files changed, 36 insertions, 1 deletions
diff --git a/usr.sbin/user/user.c b/usr.sbin/user/user.c
index 9ece6746761..6b58768e9c0 100644
--- a/usr.sbin/user/user.c
+++ b/usr.sbin/user/user.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: user.c,v 1.108 2016/03/29 17:21:50 mestre Exp $ */
+/* $OpenBSD: user.c,v 1.109 2016/04/26 13:30:12 mestre Exp $ */
/* $NetBSD: user.c,v 1.69 2003/04/14 17:40:07 agc Exp $ */
/*
@@ -1847,6 +1847,11 @@ useradd(int argc, char **argv)
usermgmt_usage("useradd");
}
}
+
+ if (pledge("stdio rpath wpath cpath fattr flock proc exec getpw id",
+ NULL) == -1)
+ err(1, "pledge");
+
if (bigD) {
if (defaultfield) {
checkeuid();
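Review bot: The `proc exec` promises in this pledge need a comment, because nothing in the hunk says what useradd still has to fork and execute, and a program started through exec does not inherit the promises made here. I would add `/* proc exec: helper commands are spawned later and run outside this pledge */` above the call, adjusted to whatever is actually spawned, since that code is outside the hunk. The same ten-promise string is added in the usermod and userdel hunks, and the same comment applies there. If the `bigD` branch that follows only reads or writes the defaults file, it could pledge a narrower set first; its body continues past the hunk, so this is inferred.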
@@ -1981,6 +1986,11 @@ usermod(int argc, char **argv)
usermgmt_usage("usermod");
}
}
+
+ if (pledge("stdio rpath wpath cpath fattr flock proc exec getpw id",
+ NULL) == -1)
+ err(1, "pledge");
+
if ((u.u_flags & F_MKDIR) && !(u.u_flags & F_HOMEDIR) &&
!(u.u_flags & F_USERNAME)) {
warnx("option 'm' useless without 'd' or 'l' -- ignored");
@@ -2051,6 +2061,11 @@ userdel(int argc, char **argv)
if (argc != 1) {
usermgmt_usage("userdel");
}
+
+ if (pledge("stdio rpath wpath cpath fattr flock proc exec getpw id",
+ NULL) == -1)
+ err(1, "pledge");
+
checkeuid();
if ((pwp = getpwnam(*argv)) == NULL) {
warnx("No such user `%s'", *argv);
@@ -2109,6 +2124,10 @@ groupadd(int argc, char **argv)
if (argc != 1) {
usermgmt_usage("groupadd");
}
+
+ if (pledge("stdio rpath wpath cpath fattr flock getpw", NULL) == -1)
+ err(1, "pledge");
+
checkeuid();
if (!valid_group(*argv)) {
errx(EXIT_FAILURE, "invalid group name `%s'", *argv);
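Review bot: The added `err(1, "pledge")` uses a literal exit status, while the `errx` call a few lines below in the same function uses `EXIT_FAILURE`. For consistency with the surrounding code I would write `err(EXIT_FAILURE, "pledge");`. The same literal appears in every pledge call this commit adds. groupadd's body starts and ends outside the hunk.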
@@ -2153,6 +2172,10 @@ groupdel(int argc, char **argv)
warnx("No such group: `%s'", *argv);
return EXIT_FAILURE;
}
+
+ if (pledge("stdio rpath wpath cpath fattr flock", NULL) == -1)
+ err(1, "pledge");
+
if (!modify_gid(*argv, NULL)) {
err(EXIT_FAILURE, "can't change %s file", _PATH_GROUP);
}
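Review bot: `getpw` is left out of this pledge, which only works while the group lookup stays above the call. A lookup added below it later would lack that promise and may abort the process where plain `rpath` is not enough. A short comment such as `/* group already looked up above; getpw not needed from here on */` would record that ordering constraint. The groupmod hunk has the same shape, with its `getgrnam` visible just before the pledge. In both functions the option parsing and the lookup run before the pledge, which looks deliberate but leaves that code unrestricted; both bodies extend outside their hunks.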
@@ -2212,6 +2235,10 @@ groupmod(int argc, char **argv)
if ((grp = getgrnam(*argv)) == NULL) {
errx(EXIT_FAILURE, "can't find group `%s' to modify", *argv);
}
+
+ if (pledge("stdio rpath wpath cpath fattr flock", NULL) == -1)
+ err(1, "pledge");
+
if (!is_local(*argv, _PATH_GROUP)) {
errx(EXIT_FAILURE, "Group `%s' must be a local group", *argv);
}
@@ -2271,6 +2298,10 @@ userinfo(int argc, char **argv)
if (argc != 1) {
usermgmt_usage("userinfo");
}
+
+ if (pledge("stdio getpw", NULL) == -1)
+ err(1, "pledge");
+
pwp = find_user_info(*argv);
if (exists) {
exit((pwp) ? EXIT_SUCCESS : EXIT_FAILURE);
@@ -2329,6 +2360,10 @@ groupinfo(int argc, char **argv)
if (argc != 1) {
usermgmt_usage("groupinfo");
}
+
+ if (pledge("stdio getpw", NULL) == -1)
+ err(1, "pledge");
+
grp = find_group_info(*argv);
if (exists) {
exit((grp) ? EXIT_SUCCESS : EXIT_FAILURE);