author | semarie <semarie@openbsd.org> | 2015-11-05 15:10:11 +0000 |
---|---|---|
committer | semarie <semarie@openbsd.org> | 2015-11-05 15:10:11 +0000 |
commit | ddd71a3cd45fb5dc5ab07c31a6a210206b67a7f1 (patch) | |
tree | fcf380a16b64b3f1c9c2c685994b548a64f85e72 | |
parent | quick fix for a regression introduced by sys/kern/kern_pledge.c 1.103 (diff) | |
revert sys/kern/kern_pledge.c 1.103 and reenable pledge in pwd_mkdb
ok deraadt@
-rw-r--r-- | sys/kern/kern_pledge.c | 16 | ||||
-rw-r--r-- | usr.sbin/pwd_mkdb/pwd_mkdb.c | 4 |
2 files changed, 4 insertions, 16 deletions
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index b7ca1e8cd95..0e4b320605d 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_pledge.c,v 1.104 2015/11/04 21:24:23 tedu Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.105 2015/11/05 15:10:11 semarie Exp $ */

 /*
 * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -599,18 +599,6 @@ pledge_namei(struct proc *p, struct nameidata *ni, char *origpath)
 if (error)
 return (pledge_fail(p, error, 0));

- /* Blacklisted paths */
- switch (p->p_pledge_syscall) {
- case SYS_stat:
- case SYS_lstat:
- case SYS_fstatat:
- case SYS_fstat:
- break;
- default:
- if (strcmp(path, "/etc/spwd.db") == 0)
- return (EPERM);
- }
-
 /* Detect what looks like a mkstemp(3) family operation */
 if ((p->p_p->ps_pledge & PLEDGE_TMPPATH) &&
 (p->p_pledge_syscall == SYS_open) &&
@@ -653,6 +641,8 @@ pledge_namei(struct proc *p, struct nameidata *ni, char *origpath)
 /* getpw* and friends need a few files */
 if ((ni->ni_pledge == PLEDGE_RPATH) &&
 (p->p_p->ps_pledge & PLEDGE_GETPW)) {
+ if (strcmp(path, "/etc/spwd.db") == 0)
+ return (EPERM); /* don't call pledge_fail */
 if (strcmp(path, "/etc/pwd.db") == 0)
 return (0);
 if (strcmp(path, "/etc/group") == 0)
diff --git a/usr.sbin/pwd_mkdb/pwd_mkdb.c b/usr.sbin/pwd_mkdb/pwd_mkdb.c
index c1a2c76f831..35648a44721 100644
--- a/usr.sbin/pwd_mkdb/pwd_mkdb.c
+++ b/usr.sbin/pwd_mkdb/pwd_mkdb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pwd_mkdb.c,v 1.52 2015/11/05 13:48:51 semarie Exp $ */
+/* $OpenBSD: pwd_mkdb.c,v 1.53 2015/11/05 15:10:11 semarie Exp $ */

 /*-
 * Copyright (c) 1991, 1993, 1994
@@ -233,10 +233,8 @@ main(int argc, char **argv)
 warn("%s: unable to make group readable", _PATH_SMP_DB);
 clean |= FILE_SECURE;

-#if 0
 if (pledge("stdio rpath wpath cpath getpw fattr flock", NULL) == -1)
 err(1, "pledge");
-#endif

 /* Open the temporary insecure password database. */
 if (!secureonly) {
|
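Review bot: The `/etc/spwd.db` denial added at the top of the getpw branch is only reached when `ni->ni_pledge == PLEDGE_RPATH` and the process holds `PLEDGE_GETPW`, so unlike the switch removed earlier in pledge_namei it is no longer a blanket rule, and the trailing `/* don't call pledge_fail */` does not say so. A read-only open by a process pledged without getpw, or an open that asks for more than read access, is decided by code outside this hunk and presumably by the file's own permissions. I would move the explanation above the check, for example `/* getpw* tries spwd.db first: return EPERM so the caller can fall back to pwd.db rather than go through pledge_fail; other promises are not covered here */`, with the fallback wording to be confirmed by the author. pledge_namei starts and ends outside the hunk.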
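Review bot: With the `#if 0` guard gone, a pledge failure now exits through `err(1, "pledge");` directly after `clean |= FILE_SECURE;`, that is, after main has recorded that a secure temporary database exists. If the cleanup keyed on `clean` is not registered with atexit (not visible in this hunk), this exit path would leave that temporary file behind. I would route the failure through the program's own cleanup-then-exit helper instead of `err()`; its name is not shown on this page. main starts and ends outside the hunk.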