authorderaadt <deraadt@openbsd.org>2015-10-16 14:20:48 +0000
committerderaadt <deraadt@openbsd.org>2015-10-16 14:20:48 +0000
commit1cd6c297dd5cc6b16b47ff9e1259bd2eb15db21b (patch)
treeacbb42025b6d74fcedebec7c76864a1e9fc59002
parentugly white space (diff)
Always allow a r/w opening of /dev/null through the namei check. This
pattern is common, especially because of daemon(3) usage. Will probably help some daemons move their pledge() calls further upwards. ok doug,
-rw-r--r--sys/kern/kern_pledge.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/sys/kern/kern_pledge.c b/sys/kern/kern_pledge.c
index b3e3f298615..6bcbaf2f15f 100644
--- a/sys/kern/kern_pledge.c
+++ b/sys/kern/kern_pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_pledge.c,v 1.36 2015/10/16 14:04:11 semarie Exp $ */
+/* $OpenBSD: kern_pledge.c,v 1.37 2015/10/16 14:20:48 deraadt Exp $ */
/*
* Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -537,6 +537,13 @@ pledge_namei(struct proc *p, char *origpath)
return (0);
break;
case SYS_open:
+ /* daemon(3) or other such functions */
+ if ((p->p_pledgenote == TMN_RPATH ||
+ p->p_pledgenote == TMN_WPATH)) {
+ if (strcmp(path, "/dev/null") == 0)
+ return (0);
+ }
+
/* getpw* and friends need a few files */
if ((p->p_pledgenote == TMN_RPATH) &&
(p->p_p->ps_pledge & PLEDGE_GETPW)) {
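Review bot: The new `/dev/null` exemption under `case SYS_open:` compares `p->p_pledgenote` for equality with `TMN_RPATH` or `TMN_WPATH`, so an open whose note carries both values would match neither test, although the commit message describes a r/w open. If the notes are bit flags that a read-write open combines (their definition is outside this hunk, so this is inferred), a mask test states the intent and still refuses any other note bit: `if ((p->p_pledgenote & ~(TMN_RPATH | TMN_WPATH)) == 0 && strcmp(path, "/dev/null") == 0) return (0);`. Since this early `return (0)` skips the promise checks that follow, the comment should also record that only the exact string "/dev/null" is exempted and that `path` is the form of `origpath` being compared. The body of pledge_namei starts and ends outside the hunk.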